[ResponseOps][Alerting] Rule run history displays success with a message when the rule status is warning

[doakalexi]

Resolves #129120

Summary

Adds a new field to the event log kibana.alerting.outcome that will allow us to set the warning status.

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

To verify

To verify that filtering still works correctly:

• Run es using yarn es snapshot --license trial -E path.data=<data_path> on a different branch
• Create a rule and let it run
• Run es on this branch with the previous command
• Verify that the rule run history status still shows up and that you can filter on it on the rule details page and in the log tab.

To verify that warning shows up:

• Create a rule that will generate a warning status in the rule run history and verify that the status in the table matches the last response
• I usually generate a 'warning status' by forcing it here x-pack/plugins/alerting/server/lib/rule_execution_status.ts

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[ymao1]

Left some initial comments but overall looks good! I noticed that when I filter on the Warning outcome and then sort by the Active Alerts column, I get empty data:

With warning filter, no sort:

With warning filter, sorted Active Alerts A-Z

Also noticed that when I search for "reported" in the message, I get warning + success, even though I have the warning filter applied. Looks like it is doing an OR and not an AND? @JiaweiWu Is this a known issue?

[JiaweiWu]

@ymao1 thanks for the heads up, it's not been reported AFAIK but I will take a look

edit: Looks like we forgot a parentheses, will create an issue (#142889)

i.e. the query is message: "test" OR error.message: "test" and event.outcome: failure but should be (message: "test" OR error.message: "test") and event.outcome: failure

[xcrzx]

LGTM! Tested locally the rule execution results table (the one on the detection rule details page). Everything works as expected.

[doakalexi]

Left some initial comments but overall looks good! I noticed that when I filter on the Warning outcome and then sort by the Active Alerts column, I get empty data:

@ymao1 This should be resolved in b4766c0

[ersin-erdal]

LGTM,
tested locally, works as expected.

[ymao1]

LGTM! Left one comment about unit tests but everything looks great and works as expected!

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: e2a78ae

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
alerting	370	372	+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
triggersActionsUi	672.6KB	672.6KB	+28.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
alerting	38.7KB	38.7KB	+10.0B
triggersActionsUi	99.1KB	99.3KB	+212.0B
total			+222.0B

Unknown metric groups

API count

id	before	after	diff
alerting	379	381	+2

History

• 💔 Build #79796 failed 2e3408c
• 💚 Build #79559 succeeded 4b14ec1
• 💔 Build #79527 failed 459eea7
• 💚 Build #79245 succeeded 591108b
• 💔 Build #78762 failed b2e2346
• 💛 Build #78530 was flaky 1723e06

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream