[Observability RAC] Remove indexing of rule evaluation documents #104970
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
weltenwort
added
Team:Infra Monitoring UI - DEPRECATED
|
jenkins, test this (had to abort for Jenkins upgrade) |
weltenwort
changed the title
weltenwort
force-pushed
the
rac-remove-evaluation-documents
branch
from
2243989
to
d1fa059
Compare
weltenwort
force-pushed
the
rac-remove-evaluation-documents
branch
from
d1fa059
to
3aeb120
Compare
|
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui) |
mgiota
reviewed
Jul 14, 2021
| @@ -188,44 +188,6 @@ describe('createLifecycleRuleTypeFactory', () => { | |||
|
|
|||
| expect(documents.map((doc) => omit(doc, 'kibana.rac.alert.uuid'))).toMatchInlineSnapshot(` | |||
| Array [ | |||
| Object { | |||
| "@timestamp": "2021-06-16T09:01:00.000Z", | |||
| "event.action": "open", | |||
There was a problem hiding this comment.
More like a general comment. event.action is basically the status of the document, right? Action sounds confusing at least to me.
There was a problem hiding this comment.
I believe this is ECS defined: https://www.elastic.co/guide/en/ecs/current/ecs-event.html
There was a problem hiding this comment.
Ok thanks makes more sense now. Felix wrote a test as part of this PR and looks like event.action is different from event.status.
|
LGTM! You covered it with tests and works as expected |
mgiota
approved these changes
Jul 14, 2021
mgiota
reviewed
Jul 14, 2021
| elasticsearchServiceMock, | ||
| savedObjectsClientMock, | ||
| } from '../../../../../src/core/server/mocks'; | ||
| import { |
There was a problem hiding this comment.
I would move this import after the mock imports
There was a problem hiding this comment.
The imports are sorted automatically by the typescript language server.
|
@elasticmachine merge upstream |
|
merge conflict between base and head |
💚 Build SucceededMetrics [docs]
History
To update your PR or re-run it, just comment with: cc @weltenwort |
weltenwort
added
the
auto-backport
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 19, 2021
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jul 20, 2021
…y-show-migrate-to-authzd-users * 'master' of github.com:elastic/kibana: (187 commits) Space management page UX improvements (elastic#100448) [Reporting] Unskip flaky test when downloading CSV with "no data" (elastic#105252) Update dependency @elastic/charts to v33 (master) (elastic#105633) [Observability RAC] Improve alerts table columns (elastic#105446) Introduce `preboot` lifecycle stage (elastic#103636) [Security Solution] Invalid kql query timeline refresh bug (elastic#105525) skip flaky suite (elastic#106121) [Security Solution][Endpoint] Fix UI inconsistency between isolation forms and remove display of Pending isolation statuses (elastic#106118) docs: APM RUM Source map API (elastic#105332) [CTI] Adds indicator match rule improvements (elastic#97310) [Security Solution] update text for Isolation action submissions (elastic#105956) EP Meta Telemetry Perf (elastic#104396) [Metrics UI] Drop partial buckets from ALL Metrics UI queries (elastic#104784) Remove beta admonitions for Fleet docs (elastic#106010) [Observability RAC] Remove indexing of rule evaluation documents (elastic#104970) Parameterize migration test for kibana version (elastic#105417) [Alerting] Allow rule to execute if the value is 0 and that mets the condition (elastic#105626) [ML] Fix Index data visualizer sometimes shows wrong doc count for saved searches (elastic#106007) [Security Solution] UX fixes for Policy page and Case Host Isolation comment (elastic#106027) [Security Solution]Memory protection configuration card for policies integration. (elastic#101365) ... # Conflicts: # x-pack/plugins/reporting/public/management/report_listing.test.tsx # x-pack/plugins/reporting/public/management/report_listing.tsx
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📝 Summary
This removes the indexing of evaluation documents in the lifecycle executor helper until the the requirements and schema have been specified.
closes #104671
🕵️ Testing notes
event.kind: "event"should be indexed in the respective alerts-as-data indices even if thewriteflag is enabled.