Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RAC] Replace usages of kibana.alert.status: open with active #109033

Merged
merged 20 commits into from
Aug 26, 2021
Merged

[RAC] Replace usages of kibana.alert.status: open with active #109033

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
c08c054
Replace usages of alert.status: open with active
marshallmain Aug 18, 2021
080010d
Update unit tests
marshallmain Aug 18, 2021
aceee9d
Add back home.disableWelcomeScreen=true
marshallmain Aug 18, 2021
fc2afb3
Only disable welcome screen within APM ftr config
marshallmain Aug 18, 2021
23b237c
Merge branch 'master' into update-alert-status-usage
marshallmain Aug 18, 2021
509056c
Add disableWelcomeScreen option to security solution cypress config
marshallmain Aug 18, 2021
8fe9523
Merge branch 'master' into update-alert-status-usage
marshallmain Aug 18, 2021
b3c5545
Fix reference to workflow status
marshallmain Aug 18, 2021
7c96cb6
Merge branch 'master' into update-alert-status-usage
marshallmain Aug 18, 2021
032152c
oops
marshallmain Aug 19, 2021
e7b29fd
Merge branch 'master' into update-alert-status-usage
marshallmain Aug 19, 2021
a3e44b5
Remove duplicate disableWelcomeScreen
marshallmain Aug 19, 2021
736b94b
Merge branch 'master' into update-alert-status-usage
kibanamachine Aug 19, 2021
35b18e5
Merge branch 'master' into update-alert-status-usage
kibanamachine Aug 20, 2021
902ff37
Merge branch 'master' into update-alert-status-usage
kibanamachine Aug 20, 2021
3d0b71c
Merge branch 'master' into update-alert-status-usage
marshallmain Aug 20, 2021
477c7c4
Merge branch 'master' into update-alert-status-usage
kibanamachine Aug 23, 2021
883808e
Merge branch 'master' into update-alert-status-usage
marshallmain Aug 26, 2021
f7db200
Update README.md
marshallmain Aug 26, 2021
bd22132
Merge branch 'update-alert-status-usage' of github.com:marshallmain/k…
marshallmain Aug 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.test.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import {
ALERT_SEVERITY,
ALERT_START,
ALERT_STATUS,
ALERT_STATUS_ACTIVE,
ALERT_UUID,
SPACE_IDS,
ALERT_RULE_UUID,
Expand Down Expand Up @@ -43,7 +44,7 @@ const alert: Alert = {
'service.name': ['frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [62879000],
[ALERT_STATUS]: ['open'],
[ALERT_STATUS]: [ALERT_STATUS_ACTIVE],
[SPACE_IDS]: ['myfakespaceid'],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
Expand Down
7 changes: 4 additions & 3 deletions x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
ALERT_SEVERITY,
ALERT_START,
ALERT_STATUS,
ALERT_STATUS_ACTIVE,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_NAME,
Expand Down Expand Up @@ -133,7 +134,7 @@ Example.args = {
'service.name': ['frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [10000000000],
[ALERT_STATUS]: ['open'],
[ALERT_STATUS]: [ALERT_STATUS_ACTIVE],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
[ALERT_RULE_PRODUCER]: ['apm'],
Expand All @@ -154,7 +155,7 @@ Example.args = {
'service.name': ['frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [10000000000],
[ALERT_STATUS]: ['open'],
[ALERT_STATUS]: [ALERT_STATUS_ACTIVE],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
[ALERT_RULE_PRODUCER]: ['apm'],
Expand All @@ -176,7 +177,7 @@ Example.args = {
'service.name': ['frontend-rum'],
[ALERT_RULE_NAME]: ['Latency threshold | frontend-rum'],
[ALERT_DURATION]: [1000000000],
[ALERT_STATUS]: ['open'],
[ALERT_STATUS]: [ALERT_STATUS_ACTIVE],
tags: ['apm', 'service.name:frontend-rum'],
'transaction.type': ['page-load'],
[ALERT_RULE_PRODUCER]: ['apm'],
Expand Down
6 changes: 4 additions & 2 deletions x-pack/plugins/observability/public/pages/alerts/example_data.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ import {
ALERT_RULE_TYPE_ID,
ALERT_START,
ALERT_STATUS,
ALERT_STATUS_ACTIVE,
ALERT_STATUS_RECOVERED,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_NAME,
Expand All @@ -26,7 +28,7 @@ export const apmAlertResponseExample = [
'service.name': ['opbeans-java'],
[ALERT_RULE_NAME]: ['Error count threshold | opbeans-java (smith test)'],
[ALERT_DURATION]: [180057000],
[ALERT_STATUS]: ['open'],
[ALERT_STATUS]: [ALERT_STATUS_ACTIVE],
[ALERT_SEVERITY]: ['warning'],
tags: ['apm', 'service.name:opbeans-java'],
[ALERT_UUID]: ['0175ec0a-a3b1-4d41-b557-e21c2d024352'],
Expand All @@ -47,7 +49,7 @@ export const apmAlertResponseExample = [
[ALERT_RULE_NAME]: ['Error count threshold | opbeans-java (smith test)'],
[ALERT_DURATION]: [2419005000],
[ALERT_END]: ['2021-04-12T13:49:49.446Z'],
[ALERT_STATUS]: ['closed'],
[ALERT_STATUS]: [ALERT_STATUS_RECOVERED],
tags: ['apm', 'service.name:opbeans-java'],
[ALERT_UUID]: ['32b940e1-3809-4c12-8eee-f027cbb385e2'],
[ALERT_RULE_UUID]: ['474920d0-93e9-11eb-ac86-0b455460de81'],
Expand Down
34 changes: 18 additions & 16 deletions x-pack/plugins/rule_registry/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,20 +47,23 @@ await plugins.ruleRegistry.createOrUpdateComponentTemplate({
// mappingFromFieldMap is a utility function that will generate an
// ES mapping from a field map object. You can also define a literal
// mapping.
mappings: mappingFromFieldMap({
[SERVICE_NAME]: {
type: 'keyword',
mappings: mappingFromFieldMap(
{
[SERVICE_NAME]: {
type: 'keyword',
},
[SERVICE_ENVIRONMENT]: {
type: 'keyword',
},
[TRANSACTION_TYPE]: {
type: 'keyword',
},
[PROCESSOR_EVENT]: {
type: 'keyword',
},
},
[SERVICE_ENVIRONMENT]: {
type: 'keyword',
},
[TRANSACTION_TYPE]: {
type: 'keyword',
},
[PROCESSOR_EVENT]: {
type: 'keyword',
},
}, 'strict'),
'strict'
),
},
},
});
Expand Down Expand Up @@ -129,12 +132,11 @@ The following fields are defined in the technical field component template and s
- `kibana.alert.rule.consumer`: the feature which produced the alert (inherited from the rule producer field). Usually a Kibana feature id like `apm`, `siem`...
- `kibana.alert.id`: the id of the alert, that is unique within the context of the rule execution it was created in. E.g., for a rule that monitors latency for all services in all environments, this might be `opbeans-java:production`.
- `kibana.alert.uuid`: the unique identifier for the alert during its lifespan. If an alert recovers (or closes), this identifier is re-generated when it is opened again.
- `kibana.alert.status`: the status of the alert. Can be `open` or `closed`.
- `kibana.alert.status`: the status of the alert. Can be `active` or `recovered`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have an entry for kibana.alert.workflow_status as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the readme is pretty out of date so I'm planning to update the rest of it in a follow up PR

- `kibana.alert.start`: the ISO timestamp of the time at which the alert started.
- `kibana.alert.end`: the ISO timestamp of the time at which the alert recovered.
- `kibana.alert.duration.us`: the duration of the alert, in microseconds. This is always the difference between either the current time, or the time when the alert recovered.
- `kibana.alert.severity.level`: the severity of the alert, as a keyword (e.g. critical).
- `kibana.alert.severity.value`: the severity of the alert, as a numerical value, which allows sorting.
- `kibana.alert.severity`: the severity of the alert, as a keyword (e.g. critical).
- `kibana.alert.evaluation.value`: The measured (numerical value).
- `kibana.alert.threshold.value`: The threshold that was defined (or, in case of multiple thresholds, the one that was exceeded).
- `kibana.alert.ancestors`: the array of ancestors (if any) for the alert.
Expand Down
31 changes: 16 additions & 15 deletions x-pack/plugins/rule_registry/server/alert_data_client/tests/bulk_update.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import {
ALERT_RULE_CONSUMER,
ALERT_STATUS,
ALERT_STATUS_ACTIVE,
SPACE_IDS,
ALERT_RULE_TYPE_ID,
} from '@kbn/rule-data-utils';
Expand Down Expand Up @@ -93,7 +94,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand Down Expand Up @@ -150,7 +151,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand Down Expand Up @@ -196,7 +197,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand All @@ -206,7 +207,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand Down Expand Up @@ -283,7 +284,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand All @@ -303,7 +304,7 @@ describe('bulkUpdate()', () => {

await alertsClient.bulkUpdate({
ids: undefined,
query: `${ALERT_STATUS}: open`,
query: `${ALERT_STATUS}: ${ALERT_STATUS_ACTIVE}`,
index: indexName,
status: 'closed',
});
Expand Down Expand Up @@ -343,7 +344,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand All @@ -355,13 +356,13 @@ describe('bulkUpdate()', () => {
await expect(
alertsClient.bulkUpdate({
ids: undefined,
query: `${ALERT_STATUS}: open`,
query: `${ALERT_STATUS}: ${ALERT_STATUS_ACTIVE}`,
index: indexName,
status: 'closed',
})
).rejects.toThrowErrorMatchingInlineSnapshot(`
"queryAndAuditAllAlerts threw an error: Unable to retrieve alerts with query \\"kibana.alert.status: open\\" and operation update
Error: Unable to retrieve alert details for alert with id of \\"null\\" or with query \\"kibana.alert.status: open\\" and operation update
"queryAndAuditAllAlerts threw an error: Unable to retrieve alerts with query \\"kibana.alert.status: active\\" and operation update
Error: Unable to retrieve alert details for alert with id of \\"null\\" or with query \\"kibana.alert.status: active\\" and operation update
Error: Error: Unauthorized for fake.rule and apm"
`);

Expand Down Expand Up @@ -404,7 +405,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand All @@ -414,7 +415,7 @@ describe('bulkUpdate()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand All @@ -426,13 +427,13 @@ describe('bulkUpdate()', () => {
await expect(
alertsClient.bulkUpdate({
ids: undefined,
query: `${ALERT_STATUS}: open`,
query: `${ALERT_STATUS}: ${ALERT_STATUS_ACTIVE}`,
index: indexName,
status: 'closed',
})
).rejects.toThrowErrorMatchingInlineSnapshot(`
"queryAndAuditAllAlerts threw an error: Unable to retrieve alerts with query \\"kibana.alert.status: open\\" and operation update
Error: Unable to retrieve alert details for alert with id of \\"null\\" or with query \\"kibana.alert.status: open\\" and operation update
"queryAndAuditAllAlerts threw an error: Unable to retrieve alerts with query \\"kibana.alert.status: active\\" and operation update
Error: Unable to retrieve alert details for alert with id of \\"null\\" or with query \\"kibana.alert.status: active\\" and operation update
Error: Error: Unauthorized for fake.rule and apm"
`);

Expand Down
13 changes: 7 additions & 6 deletions x-pack/plugins/rule_registry/server/alert_data_client/tests/get.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import {
ALERT_RULE_CONSUMER,
ALERT_STATUS,
ALERT_STATUS_ACTIVE,
SPACE_IDS,
ALERT_RULE_TYPE_ID,
} from '@kbn/rule-data-utils';
Expand Down Expand Up @@ -103,7 +104,7 @@ describe('get()', () => {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: ['test_default_space_id'],
},
},
Expand All @@ -117,7 +118,7 @@ describe('get()', () => {
Object {
"kibana.alert.rule.consumer": "apm",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"kibana.alert.status": "open",
"kibana.alert.status": "active",
"kibana.space_ids": Array [
"test_default_space_id",
],
Expand Down Expand Up @@ -212,7 +213,7 @@ describe('get()', () => {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: ['test_default_space_id'],
},
},
Expand Down Expand Up @@ -265,7 +266,7 @@ describe('get()', () => {
_source: {
[ALERT_RULE_TYPE_ID]: fakeRuleTypeId,
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: [DEFAULT_SPACE],
},
},
Expand Down Expand Up @@ -338,7 +339,7 @@ describe('get()', () => {
[ALERT_RULE_TYPE_ID]: 'apm.error_rate',
message: 'hello world 1',
[ALERT_RULE_CONSUMER]: 'apm',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[SPACE_IDS]: ['test_default_space_id'],
},
},
Expand All @@ -360,7 +361,7 @@ describe('get()', () => {
Object {
"kibana.alert.rule.consumer": "apm",
"kibana.alert.rule.rule_type_id": "apm.error_rate",
"kibana.alert.status": "open",
"kibana.alert.status": "active",
"kibana.space_ids": Array [
"test_default_space_id",
],
Expand Down
12 changes: 6 additions & 6 deletions ...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import {
ALERT_ID,
ALERT_RULE_PRODUCER,
ALERT_START,
ALERT_STATUS,
ALERT_WORKFLOW_STATUS,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_NAME,
Expand Down Expand Up @@ -169,20 +169,20 @@ export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] =>
should: [
{
term: {
[ALERT_STATUS]: status,
[ALERT_WORKFLOW_STATUS]: status,
},
},
{
term: {
[ALERT_STATUS]: 'in-progress',
[ALERT_WORKFLOW_STATUS]: 'in-progress',
},
},
],
},
}
: {
term: {
[ALERT_STATUS]: status,
[ALERT_WORKFLOW_STATUS]: status,
},
};

Expand All @@ -193,7 +193,7 @@ export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] =>
negate: false,
disabled: false,
type: 'phrase',
key: ALERT_STATUS,
key: ALERT_WORKFLOW_STATUS,
params: {
query: status,
},
Expand Down Expand Up @@ -230,7 +230,7 @@ export const requiredFieldMappingsForActionsRuleRegistry = {
'alert.start': ALERT_START,
'alert.uuid': ALERT_UUID,
'event.action': 'event.action',
'alert.status': ALERT_STATUS,
'alert.workflow_status': ALERT_WORKFLOW_STATUS,
'alert.duration.us': ALERT_DURATION,
'rule.uuid': ALERT_RULE_UUID,
'rule.name': ALERT_RULE_NAME,
Expand Down
5 changes: 3 additions & 2 deletions ...urity_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import {
ALERT_RULE_CONSUMER,
ALERT_RULE_NAMESPACE,
ALERT_STATUS,
ALERT_STATUS_ACTIVE,
ALERT_WORKFLOW_STATUS,
SPACE_IDS,
} from '@kbn/rule-data-utils';
Expand Down Expand Up @@ -71,7 +72,7 @@ describe('buildAlert', () => {
],
[ALERT_ORIGINAL_TIME]: '2020-04-20T21:27:45.000Z',
[ALERT_REASON]: 'alert reasonable reason',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[ALERT_WORKFLOW_STATUS]: 'open',
...flattenWithPrefix(ALERT_RULE_NAMESPACE, {
author: [],
Expand Down Expand Up @@ -148,7 +149,7 @@ describe('buildAlert', () => {
module: 'system',
},
[ALERT_REASON]: 'alert reasonable reason',
[ALERT_STATUS]: 'open',
[ALERT_STATUS]: ALERT_STATUS_ACTIVE,
[ALERT_WORKFLOW_STATUS]: 'open',
...flattenWithPrefix(ALERT_RULE_NAMESPACE, {
author: [],
Expand Down
Loading