elastic · ymao1 · Feb 27, 2023 · Feb 6, 2023 · Feb 6, 2023 · Feb 7, 2023
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -19,6 +19,7 @@ x-pack/examples/alerting_example @elastic/response-ops
 x-pack/test/functional_with_es_ssl/plugins/alerts @elastic/response-ops
 x-pack/plugins/alerting @elastic/response-ops
 packages/kbn-alerts @elastic/security-solution
+packages/kbn-alerts-as-data-utils @elastic/response-ops
 x-pack/test/alerting_api_integration/common/plugins/alerts_restricted @elastic/response-ops
 packages/kbn-alerts-ui-shared @elastic/response-ops
 packages/kbn-ambient-common-types @elastic/kibana-operations

diff --git a/package.json b/package.json
@@ -134,6 +134,7 @@
     "@kbn/alerting-fixture-plugin": "link:x-pack/test/functional_with_es_ssl/plugins/alerts",
     "@kbn/alerting-plugin": "link:x-pack/plugins/alerting",
     "@kbn/alerts": "link:packages/kbn-alerts",
+    "@kbn/alerts-as-data-utils": "link:packages/kbn-alerts-as-data-utils",
     "@kbn/alerts-restricted-fixtures-plugin": "link:x-pack/test/alerting_api_integration/common/plugins/alerts_restricted",
     "@kbn/alerts-ui-shared": "link:packages/kbn-alerts-ui-shared",
     "@kbn/analytics": "link:packages/kbn-analytics",

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export * from './src/field_maps';
@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/alerts-as-data-utils",
+  "owner": "@elastic/response-ops"
+}
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/alerts-as-data-utils",
+  "private": true,
+  "version": "1.0.0",
+  "license": "SSPL-1.0 OR Elastic License 2.0"
+}
@@ -1,16 +1,20 @@
 /*
  * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
  * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
  */
 
 import {
   ALERT_ACTION_GROUP,
+  ALERT_CASE_IDS,
   ALERT_DURATION,
   ALERT_END,
   ALERT_FLAPPING,
-  ALERT_ID,
+  ALERT_FLAPPING_HISTORY,
+  ALERT_INSTANCE_ID,
+  ALERT_LAST_DETECTED,
   ALERT_REASON,
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
@@ -27,92 +31,93 @@ import {
   ALERT_UUID,
   ALERT_WORKFLOW_STATUS,
   SPACE_IDS,
+  TIMESTAMP,
   VERSION,
 } from '@kbn/rule-data-utils';
 
 export const alertFieldMap = {
-  [ALERT_RULE_PARAMETERS]: {
-    type: 'object',
-    enabled: false,
+  [ALERT_ACTION_GROUP]: {
+    type: 'keyword',
+    array: false,
     required: false,
   },
-  [ALERT_RULE_TYPE_ID]: {
+  [ALERT_CASE_IDS]: {
     type: 'keyword',
+    array: true,
+    required: false,
+  },
+  [ALERT_DURATION]: {
+    type: 'long',
     array: false,
-    required: true,
+    required: false,
   },
-  [ALERT_RULE_CONSUMER]: {
-    type: 'keyword',
+  [ALERT_END]: {
+    type: 'date',
     array: false,
-    required: true,
+    required: false,
   },
-  [ALERT_RULE_PRODUCER]: {
-    type: 'keyword',
+  [ALERT_FLAPPING]: {
+    type: 'boolean',
     array: false,
-    required: true,
+    required: false,
   },
-  [SPACE_IDS]: {
-    type: 'keyword',
+  [ALERT_FLAPPING_HISTORY]: {
+    type: 'boolean',
     array: true,
-    required: true,
-  },
-  [ALERT_UUID]: {
-    type: 'keyword',
-    array: false,
-    required: true,
+    required: false,
   },
-  [ALERT_ID]: {
+  [ALERT_INSTANCE_ID]: {
     type: 'keyword',
     array: false,
     required: true,
   },
-  [ALERT_START]: {
+  [ALERT_LAST_DETECTED]: {
     type: 'date',
-    array: false,
     required: false,
-  },
-  [ALERT_TIME_RANGE]: {
-    type: 'date_range',
-    format: 'epoch_millis||strict_date_optional_time',
     array: false,
-    required: false,
   },
-  [ALERT_END]: {
-    type: 'date',
+  [ALERT_REASON]: {
+    type: 'keyword',
     array: false,
     required: false,
   },
-  [ALERT_DURATION]: {
-    type: 'long',
+  [ALERT_RULE_CATEGORY]: {
+    type: 'keyword',
     array: false,
-    required: false,
+    required: true,
   },
-  [ALERT_STATUS]: {
+  [ALERT_RULE_CONSUMER]: {
     type: 'keyword',
     array: false,
     required: true,
   },
-  [VERSION]: {
-    type: 'version',
+  [ALERT_RULE_EXECUTION_UUID]: {
+    type: 'keyword',
     array: false,
     required: false,
   },
-  [ALERT_WORKFLOW_STATUS]: {
+  [ALERT_RULE_NAME]: {
     type: 'keyword',
     array: false,
-    required: false,
+    required: true,
   },
-  [ALERT_ACTION_GROUP]: {
-    type: 'keyword',
+  [ALERT_RULE_PARAMETERS]: {
     array: false,
+    type: 'flattened',
+    ignore_above: 4096,
     required: false,
   },
-  [ALERT_REASON]: {
+  [ALERT_RULE_PRODUCER]: {
     type: 'keyword',
     array: false,
+    required: true,
+  },
+  [ALERT_RULE_TAGS]: {
+    type: 'keyword',
+    array: true,
     required: false,
   },
-  [ALERT_RULE_CATEGORY]: {
+  [ALERT_RULE_TYPE_ID]: {
     type: 'keyword',
     array: false,
     required: true,
@@ -122,26 +127,47 @@ export const alertFieldMap = {
     array: false,
     required: true,
   },
-  [ALERT_RULE_EXECUTION_UUID]: {
+  [ALERT_START]: {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  [ALERT_STATUS]: {
     type: 'keyword',
     array: false,
+    required: true,
+  },
+  [ALERT_TIME_RANGE]: {
+    type: 'date_range',
+    format: 'epoch_millis||strict_date_optional_time',
+    array: false,
     required: false,
   },
-  [ALERT_RULE_NAME]: {
+  [ALERT_UUID]: {
     type: 'keyword',
     array: false,
     required: true,
   },
-  [ALERT_RULE_TAGS]: {
+  [ALERT_WORKFLOW_STATUS]: {
     type: 'keyword',
-    array: true,
+    array: false,
     required: false,
   },
-  [ALERT_FLAPPING]: {
-    type: 'boolean',
+  [SPACE_IDS]: {
+    type: 'keyword',
+    array: true,
+    required: true,
+  },
+  [TIMESTAMP]: {
+    type: 'date',
+    required: true,
+    array: false,
+  },
+  [VERSION]: {
+    type: 'version',
     array: false,
     required: false,
   },
-};
+} as const;
 
 export type AlertFieldMap = typeof alertFieldMap;
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { EcsFlat } from '@kbn/ecs';
+import { EcsMetadata, FieldMap } from './types';
+
+export const ecsFieldMap: FieldMap = Object.keys(EcsFlat).reduce((acc, currKey) => {
+  const value: EcsMetadata = EcsFlat[currKey as keyof typeof EcsFlat];
+  return {
+    ...acc,
+    [currKey]: {
+      type: value.type,
+      array: value.normalize.includes('array'),
+      required: !!value.required,
+      ...(value.scaling_factor ? { scaling_factor: value.scaling_factor } : {}),
+      ...(value.ignore_above ? { ignore_above: value.ignore_above } : {}),
+    },
+  };
+}, {});
+
+export type EcsFieldMap = typeof ecsFieldMap;
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export * from './alert_field_map';
+export * from './ecs_field_map';
+export * from './legacy_alert_field_map';
+export type { FieldMap } from './types';