Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Maps][Alerting] Support runtime fields for containment alerts #89585

Closed
thomasneirynck opened this issue Jan 28, 2021 · 4 comments
Closed

[Maps][Alerting] Support runtime fields for containment alerts #89585

thomasneirynck opened this issue Jan 28, 2021 · 4 comments
Assignees
@kindsun
Labels
bug Fixes for quality problems that affect the customer experience [Deprecated-Use Team:Presentation]Team:Geo Former Team Label for Geo Team. Now use Team:Presentation v7.12.0 v8.0.0

Comments

@thomasneirynck
Copy link
Contributor

Before Alerting goes GA, geo-containment alert should support runtime fields.
@thomasneirynck thomasneirynck added bug Fixes for quality problems that affect the customer experience [Deprecated-Use Team:Presentation]Team:Geo Former Team Label for Geo Team. Now use Team:Presentation v8.0.0 v7.12.0 labels Jan 28, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-gis (Team:Geo)

@kindsun kindsun mentioned this issue Jan 28, 2021
Closed
20 tasks
@kindsun
Copy link
Contributor

kindsun commented Jan 29, 2021
edited
Loading

Testing Tracking containment alerting, I got the following results:

            UI		    Server query
keyword     Y           Y
date        Y           Y				
double      Y           Y
geo_point   Y         	Y

To test Geo containment alerting, the following test mappings were used to generate alerts:

PUT /tracks/_mappings
{
  "runtime": {
    "rtTimestamp": {
      "type": "date",
      "script": {
        "source": "emit(ZonedDateTime.parse(params._source['@timestamp']).toInstant().toEpochMilli())"
      }
    }
  }
}

PUT /tracks/_mappings
{
    "runtime" : {
        "rtEntity_id" : {
            "type" : "keyword",
            "script" : {
                "source" : "emit(doc['entity_id'].value)"
            }
        }
    }
}

PUT /tracks/_mappings
{
    "runtime" : {
        "rtSpeed" : {
            "type" : "double",
            "script" : {
                "source" : "emit(doc['speed'].value)"
            }
        }
    }
}

PUT /tracks/_mappings
{
    "runtime" : {
        "rtLocation" : {
            "type" : "geo_point",
            "script" : {
                "source" : "emit(params._source.location.lat, params._source.location.lon)"
            }
        }
    }
}

@kindsun
Copy link
Contributor

kindsun commented Feb 1, 2021
edited
Loading

In spite of the fact that Runtime Fields appear to work fine, we probably still should move forward with leveraging the data plugin's SearchSource for queries to be more "future proof". Currently this isn't possible within an alert executor as the data plugin isn't one of the services passed in to the function. Adding the data plugin to the alerting executor function services has already been identified in #87990

@kindsun
Copy link
Contributor

kindsun commented Feb 4, 2021

Since Runtime fields appear currently supported, closing this issue for now. We can re-open if anything changes.

@kindsun kindsun closed this as completed Feb 4, 2021
@thomasneirynck thomasneirynck mentioned this issue Feb 24, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kindsun kindsun

Labels
bug Fixes for quality problems that affect the customer experience [Deprecated-Use Team:Presentation]Team:Geo Former Team Label for Geo Team. Now use Team:Presentation v7.12.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kindsun @thomasneirynck @elasticmachine