-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Rule Registry] Switch to _source for updating documents instead of Fields API #118245
[Rule Registry] Switch to _source for updating documents instead of Fields API #118245
Conversation
TBH i didn't fully understand what an executor does, but it looks like switching form Note: i know not related to this issue but, functions with side-effects like:
🥺 |
@simianhacker I started looking into this and assuming we agree to use To be completely honest I don't feel comfortable with this change, since we are changing to something we don't even use (we don't make use of any object type at the moment, so why do we change it now). However I tested your changes with existing rule types (created a log threshold rule type, an alert was triggered, I relaxed rule conditions, status was updated from active to recovered) and everything worked as expected. I didn't create an object type though so that I could test that the retrieved ES alert document would not change and be saved back to its original form). We could create a few tests. I'll meet with @dgieselaar to further discuss on this topic, so I'll summarize the conclusions here. cc @jasonrhodes |
@simianhacker We talked with @dgieselaar regarding
At the moment everything works because we don't use any nested field type, once we do so, the mismatch might cause surprises. So if we want to use _source instead of fields, we would want to look into this function. I suggest we create separate functions I suggest we focus on writing some tests with fields of an object type and see how things work. |
@afgomez What's your thoughts on this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did some testing and everything seems to work. I introduced a { foo: { bar: 'baz' }}
field in the event
to see what happened with nested fields and it kept working right.
LGTM!
@afgomez Thanks for testing it. I'm in the process of creating a functional/integration test that does exactly this. |
@elasticmachine merge upstream |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Let's wait for CI and we can merge!
💛 Build succeeded, but was flaky
Test Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
💔 Backport failed
To backport manually run: |
…ields API (elastic#118245) * [Rule Registry] Switch to _source for updating documents instead of Fields API * updating test with _source instead of fields * removing mapValues dep * Refactor types and clean up names Co-authored-by: Kibana Machine <[email protected]>
…ields API (#118245) (#121026) * [Rule Registry] Switch to _source for updating documents instead of Fields API * updating test with _source instead of fields * removing mapValues dep * Refactor types and clean up names Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
…ields API (elastic#118245) * [Rule Registry] Switch to _source for updating documents instead of Fields API * updating test with _source instead of fields * removing mapValues dep * Refactor types and clean up names Co-authored-by: Kibana Machine <[email protected]>
Pinging @elastic/uptime (Team:uptime) |
Pinging @elastic/apm-ui (Team:apm) |
…ields API (elastic#118245) * [Rule Registry] Switch to _source for updating documents instead of Fields API * updating test with _source instead of fields * removing mapValues dep * Refactor types and clean up names Co-authored-by: Kibana Machine <[email protected]>
…ields API (elastic#118245) * [Rule Registry] Switch to _source for updating documents instead of Fields API * updating test with _source instead of fields * removing mapValues dep * Refactor types and clean up names Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 21af670) # Conflicts: # x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
…ields API (#118245) (#128941) * [Rule Registry] Switch to _source for updating documents instead of Fields API * updating test with _source instead of fields * removing mapValues dep * Refactor types and clean up names Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 21af670) # Conflicts: # x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
Summary
This PR closes #113003 by removing the Fields API query and including
_source
in the results, then it usedhit._source
inplace ofhit.fields
for parsing the technical fields. I choose this options because it solved the main issue, Fields API returns derived fields which shouldn't be indexed, with the smallest surface area of change.It appears that the alerts are only being created and updated via the
ruleDataClient.getWriter().bulk(...)
operation here:kibana/x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts
Lines 287 to 294 in 5c73c0c
Checklist