diff --git a/x-pack/plugins/alerting/server/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap b/x-pack/plugins/alerting/server/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap index 1d91422077554..c84a3565d48f6 100644 --- a/x-pack/plugins/alerting/server/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap +++ b/x-pack/plugins/alerting/server/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap @@ -3188,6 +3188,12 @@ Object { }, "name": "custom", }, + Object { + "args": Object { + "method": [Function], + }, + "name": "custom", + }, ], "type": "string", }, @@ -5627,6 +5633,12 @@ Object { }, "name": "custom", }, + Object { + "args": Object { + "method": [Function], + }, + "name": "custom", + }, ], "type": "string", }, diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/register_custom_threshold_rule_type.ts b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/register_custom_threshold_rule_type.ts index 5a711455318a7..2fe8cbe76d294 100644 --- a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/register_custom_threshold_rule_type.ts +++ b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/register_custom_threshold_rule_type.ts @@ -36,7 +36,7 @@ import { valueActionVariableDescription, viewInAppUrlActionVariableDescription, } from './translations'; -import { oneOfLiterals } from './utils'; +import { oneOfLiterals, validateKQLStringFilter } from './utils'; import { createCustomThresholdExecutor, CustomThresholdLocators, @@ -57,11 +57,9 @@ export const searchConfigurationSchema = schema.object({ index: schema.oneOf([schema.string(), dataViewSpecSchema]), query: schema.object({ language: schema.string(), - query: schema.string(), - // TODO Enable KQL validation: https://github.com/elastic/kibana/issues/190029 - // query: schema.string({ - // validate: validateKQLStringFilter, - // }), + query: schema.string({ + validate: validateKQLStringFilter, + }), }), filter: schema.maybe( schema.arrayOf( @@ -105,11 +103,9 @@ export function thresholdRuleType( name: schema.string(), aggType: schema.literal('count'), filter: schema.maybe( - schema.string() - // TODO Enable KQL validation: https://github.com/elastic/kibana/issues/190029 - // schema.string({ - // validate: validateKQLStringFilter, - // }) + schema.string({ + validate: validateKQLStringFilter, + }) ), field: schema.never(), }), diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts index 783127978bae4..d79bdbb86d04f 100644 --- a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts +++ b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts @@ -52,7 +52,11 @@ export const validateKQLStringFilter = (value: string) => { } try { - kbnBuildEsQuery(undefined, [{ query: value, language: 'kuery' }], []); + kbnBuildEsQuery(undefined, [{ query: value, language: 'kuery' }], [], { + allowLeadingWildcards: true, + queryStringOptions: {}, + ignoreFilterIfFieldNotInIndex: true, + }); } catch (e) { return i18n.translate('xpack.observability.customThreshold.rule.schema.invalidFilterQuery', { defaultMessage: `filterQuery must be a valid KQL filter (error: ${e.message})`,