[ON WEEK] Add alerting_test_data package and a script to create rules for manual testing

package.json

@@ -560,6 +560,7 @@
     "@kbn/object-versioning": "link:packages/kbn-object-versioning",
     "@kbn/observability-ai-assistant-plugin": "link:x-pack/plugins/observability_ai_assistant",
     "@kbn/observability-alert-details": "link:x-pack/packages/observability/alert_details",
+    "@kbn/observability-alerting-test-data": "link:x-pack/packages/observability/alerting_test_data",
     "@kbn/observability-fixtures-plugin": "link:x-pack/test/cases_api_integration/common/plugins/observability",
     "@kbn/observability-log-explorer-plugin": "link:x-pack/plugins/observability_log_explorer",
     "@kbn/observability-onboarding-plugin": "link:x-pack/plugins/observability_onboarding",

scripts/create_observability_rules.js

@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+require('@babel/register')({
+  extensions: ['.ts', '.js'],
+  presets: [['@babel/preset-env', { targets: { node: 'current' } }], '@babel/preset-typescript'],
+});
+
+var createCustomThresholdRule =
+  require('@kbn/observability-alerting-test-data').createCustomThresholdRule;
+var createDataView = require('@kbn/observability-alerting-test-data').createDataView;
+var createIndexConnector = require('@kbn/observability-alerting-test-data').createIndexConnector;
+
+var scenario1 = require('@kbn/observability-alerting-test-data').scenario1;
+var scenario2 = require('@kbn/observability-alerting-test-data').scenario2;
+var scenario3 = require('@kbn/observability-alerting-test-data').scenario3;
+
+var senarios = [scenario1, scenario2, scenario3];
+
+async function run() {
+  console.log('Creating index connector - start');
+  var response = await createIndexConnector();
+  var actionId = await response.data.id;
+  console.log('Creating index connector - finished - actionId: ', actionId);
+  for (var scenario of senarios) {
+    if (scenario.dataView.shouldCreate) {
+      console.log('Creating data view - start - id: ', scenario.dataView.id);
+      await createDataView(scenario.dataView);
+      console.log('Creating data view - finished - id: ', scenario.dataView.id);
+    }
+    console.log('Creating Custom threshold rule - start - name: ', scenario.ruleParams.name);
+    await createCustomThresholdRule(actionId, scenario.dataView.id, scenario.ruleParams);
+    console.log('Creating Custom threshold rule - finished - name: ', scenario.ruleParams.name);
+  }
+}
+
+run();

tsconfig.base.json

@@ -1074,6 +1074,8 @@
       "@kbn/observability-ai-assistant-plugin/*": ["x-pack/plugins/observability_ai_assistant/*"],
       "@kbn/observability-alert-details": ["x-pack/packages/observability/alert_details"],
       "@kbn/observability-alert-details/*": ["x-pack/packages/observability/alert_details/*"],
+      "@kbn/observability-alerting-test-data": ["x-pack/packages/observability/alerting_test_data"],
+      "@kbn/observability-alerting-test-data/*": ["x-pack/packages/observability/alerting_test_data/*"],
       "@kbn/observability-fixtures-plugin": ["x-pack/test/cases_api_integration/common/plugins/observability"],
       "@kbn/observability-fixtures-plugin/*": ["x-pack/test/cases_api_integration/common/plugins/observability/*"],
       "@kbn/observability-log-explorer-plugin": ["x-pack/plugins/observability_log_explorer"],

x-pack/packages/observability/alerting_test_data/README.md

@@ -0,0 +1,3 @@
+# @kbn/observability-alerting-test-data
+
+Provides utilities to generate alerting test data

x-pack/packages/observability/alerting_test_data/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { createCustomThresholdRule } from './src/create_custom_threshold_rule';
+export { createDataView } from './src/create_data_view';
+export { createIndexConnector } from './src/create_index_connector';
+export { createRule } from './src/create_rule';
+
+export { scenario1 } from './src/scenarios/fake_hosts_custom_threshold_log_count';
+export { scenario2 } from './src/scenarios/fake_hosts_custom_threshold_log_count_groupby';
+export { scenario3 } from './src/scenarios/fake_hosts_custom_threshold_log_count_nodata';

x-pack/packages/observability/alerting_test_data/jest.config.js

@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../../..',
+  roots: ['<rootDir>/x-pack/packages/observability/alerting_test_data'],
+};

x-pack/packages/observability/alerting_test_data/kibana.jsonc

@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/observability-alerting-test-data",
+  "owner": "@elastic/actionable-observability"
+}

x-pack/packages/observability/alerting_test_data/package.json

@@ -0,0 +1,8 @@
+{
+  "name": "@kbn/observability-alerting-test-data",
+  "descriptio": "Utils to generate observability alerting test data",
+  "author": "Actionable Observability",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}

x-pack/packages/observability/alerting_test_data/src/constants.ts

@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const DATA_VIEW_ID = 'data-view-id';
+export const FIRED_ACTIONS_ID = 'custom_threshold.fired';
+export const ALERT_ACTION_INDEX = 'test-alert-action-index';
+
+export const KIBANA_DEFAULT_URL = 'http://127.0.0.1:5601/kibana';
+export const USERNAME = 'elastic';
+export const PASSWORD = 'changeme';
+
+export const HEADERS = {
+  'kbn-xsrf': 'true',
+  'x-elastic-internal-origin': 'foo',
+};

x-pack/packages/observability/alerting_test_data/src/create_custom_threshold_rule.ts

@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  Aggregators,
+  Comparator,
+} from '@kbn/observability-plugin/common/custom_threshold_rule/types';
+import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID } from '@kbn/rule-data-utils';
+import { FIRED_ACTIONS_ID } from './constants';
+import { createRule } from './create_rule';
+
+export const createCustomThresholdRule = async (
+  actionId: string,
+  dataViewId: string,
+  ruleParams: {
+    consumer?: string;
+    name?: string;
+    params?: {
+      criteria: any[];
+      groupBy?: string[];
+      searchConfiguration: {
+        query: {
+          query?: string;
+        };
+      };
+    };
+  }
+) => {
+  const customThresholdRuleParams = {
+    tags: ['observability'],
+    consumer: ruleParams.consumer || 'logs',
+    name: ruleParams.name || 'Default custom threshold rule name',
+    rule_type_id: OBSERVABILITY_THRESHOLD_RULE_TYPE_ID,
+    params: {
+      criteria: ruleParams.params?.criteria || [
+        {
+          aggType: Aggregators.CUSTOM,
+          comparator: Comparator.GT,
+          threshold: [1],
+          timeSize: 1,
+          timeUnit: 'm',
+          metrics: [{ name: 'A', filter: '', aggType: Aggregators.COUNT }],
+        },
+      ],
+      groupBy: ruleParams.params?.groupBy,
+      alertOnNoData: true,
+      alertOnGroupDisappear: true,
+      searchConfiguration: {
+        query: {
+          query: ruleParams.params?.searchConfiguration.query.query || '',
+          language: 'kuery',
+        },
+        index: dataViewId,
+      },
+    },
+    actions: [
+      {
+        group: FIRED_ACTIONS_ID,
+        id: actionId,
+        params: {
+          documents: [
+            {
+              ruleType: '{{rule.type}}',
+              alertDetailsUrl: '{{context.alertDetailsUrl}}',
+              reason: '{{context.reason}}',
+              value: '{{context.value}}',
+              host: '{{context.host}}',
+            },
+          ],
+        },
+        frequency: {
+          notify_when: 'onActionGroupChange',
+          throttle: null,
+          summary: false,
+        },
+      },
+    ],
+    schedule: {
+      interval: '1m',
+    },
+  };
+
+  return createRule(customThresholdRuleParams);
+};

x-pack/packages/observability/alerting_test_data/src/create_data_view.ts

@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import axios from 'axios';
+import { HEADERS, KIBANA_DEFAULT_URL, PASSWORD, USERNAME } from './constants';
+
+const DATA_VIEW_CREATION_API = `${KIBANA_DEFAULT_URL}/api/content_management/rpc/create`;
+
+export const createDataView = async ({
+  indexPattern,
+  id,
+}: {
+  indexPattern: string;
+  id: string;
+}) => {
+  const dataViewParams = {
+    contentTypeId: 'index-pattern',
+    data: {
+      fieldAttrs: '{}',
+      title: indexPattern,
+      timeFieldName: '@timestamp',
+      sourceFilters: '[]',
+      fields: '[]',
+      fieldFormatMap: '{}',
+      typeMeta: '{}',
+      runtimeFieldMap: '{}',
+      name: indexPattern,
+    },
+    options: { id },
+    version: 1,
+  };
+
+  return axios.post(DATA_VIEW_CREATION_API, dataViewParams, {
+    headers: HEADERS,
+    auth: {
+      username: USERNAME,
+      password: PASSWORD,
+    },
+  });
+};

x-pack/packages/observability/alerting_test_data/src/create_index_connector.ts

@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import axios from 'axios';
+import { ALERT_ACTION_INDEX, HEADERS, KIBANA_DEFAULT_URL, PASSWORD, USERNAME } from './constants';
+
+const INDEX_CONNECTOR_API = `${KIBANA_DEFAULT_URL}/api/actions/connector`;
+
+export const createIndexConnector = async () => {
+  const indexConnectorParams = {
+    name: 'Test Index Connector',
+    config: {
+      index: ALERT_ACTION_INDEX,
+      refresh: true,
+    },
+    connector_type_id: '.index',
+  };
+
+  return axios.post(INDEX_CONNECTOR_API, indexConnectorParams, {
+    headers: HEADERS,
+    auth: {
+      username: USERNAME,
+      password: PASSWORD,
+    },
+  });
+};

x-pack/packages/observability/alerting_test_data/src/create_rule.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import axios from 'axios';
+import { HEADERS, KIBANA_DEFAULT_URL, PASSWORD, USERNAME } from './constants';
+
+const RULE_CREATION_API = `${KIBANA_DEFAULT_URL}/api/alerting/rule`;
+
+export const createRule = async (ruleParams: any) =>
+  axios.post(RULE_CREATION_API, ruleParams, {
+    headers: HEADERS,
+    auth: {
+      username: USERNAME,
+      password: PASSWORD,
+    },
+  });

x-pack/packages/observability/alerting_test_data/src/scenarios/fake_hosts_custom_threshold_log_count.ts

@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  Aggregators,
+  Comparator,
+} from '@kbn/observability-plugin/common/custom_threshold_rule/types';
+
+export const scenario1 = {
+  dataView: {
+    indexPattern: 'high-cardinality-data-fake_hosts.fake_hosts-*',
+    id: 'data-view-id',
+    shouldCreate: true,
+  },
+  ruleParams: {
+    consumer: 'logs',
+    name: 'fake_hosts-custom_threshold_log_count',
+    params: {
+      criteria: [
+        {
+          aggType: Aggregators.CUSTOM,
+          comparator: Comparator.LT,
+          threshold: [100],
+          timeSize: 1,
+          timeUnit: 'm',
+          metrics: [{ name: 'A', filter: '', aggType: Aggregators.COUNT }],
+        },
+      ],
+      searchConfiguration: {
+        query: {
+          query: 'scenario: fake_hosts-custom_threshold_log_count',
+        },
+      },
+    },
+  },
+};

x-pack/packages/observability/alerting_test_data/src/scenarios/fake_hosts_custom_threshold_log_count_groupby.ts

@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  Aggregators,
+  Comparator,
+} from '@kbn/observability-plugin/common/custom_threshold_rule/types';
+
+export const scenario2 = {
+  dataView: {
+    indexPattern: 'high-cardinality-data-fake_hosts.fake_hosts-*',
+    id: 'data-view-id',
+    shouldCreate: false,
+  },
+  ruleParams: {
+    consumer: 'logs',
+    name: 'fake_hosts-custom_threshold_log_count_groupby',
+    params: {
+      criteria: [
+        {
+          aggType: Aggregators.CUSTOM,
+          comparator: Comparator.LT,
+          threshold: [40],
+          timeSize: 1,
+          timeUnit: 'm',
+          metrics: [{ name: 'A', filter: '', aggType: Aggregators.COUNT }],
+        },
+      ],
+      groupBy: ['event.dataset'],
+      searchConfiguration: {
+        query: {
+          query: 'scenario: fake_hosts-custom_threshold_log_count_groupby',
+        },
+      },
+    },
+  },
+};