elastic · dominiqueclarke · Apr 14, 2025 · Mar 24, 2025 · Mar 24, 2025 · Mar 24, 2025
@@ -13,6 +13,7 @@ import type { JsonValue } from '@kbn/utility-types';
 export interface MetaAlertFields {
   _id: string;
   _index: string;
+  _score?: number;
 }
 
 export interface LegacyField {
@@ -29,7 +30,7 @@ export type KnownAlertFields = {
   [Property in TechnicalRuleDataFieldName]?: JsonValue[];
 };
 
-export type UnknownAlertFields = Record<string, string | JsonValue[]>;
+export type UnknownAlertFields = Record<string, string | number | JsonValue[]>;
 
 /**
  * Alert document type as returned by alerts search requests

@@ -24,6 +24,8 @@ export type RuleRegistrySearchRequest = IEsSearchRequest & {
   sort?: SortCombinations[];
   pagination?: RuleRegistrySearchRequestPagination;
   runtimeMappings?: MappingRuntimeFields;
+  minScore?: number;
+  trackScores?: boolean;
 };
 
 export interface RuleRegistrySearchRequestPagination {

@@ -85,6 +85,7 @@ const parsedAlerts = {
     {
       _index: '.internal.alerts-security.alerts-default-000001',
       _id: '38dd308706a127696cc63b8f142e8e4d66f8f79bc7d491dd79a42ea4ead62dd1',
+      _score: 1,
       '@timestamp': ['2022-03-22T16:48:07.518Z'],
       'host.name': ['Host-4dbzugdlqd'],
       'kibana.alert.reason': [
@@ -99,6 +100,7 @@ const parsedAlerts = {
     {
       _index: '.internal.alerts-security.alerts-default-000001',
       _id: '8361363c0db6f30ca2dfb4aeb4835e7d6ec57bc195b96d9ee5a4ead1bb9f8b86',
+      _score: 1,
       '@timestamp': ['2022-03-22T16:17:50.769Z'],
       'host.name': ['Host-4dbzugdlqd'],
       'kibana.alert.reason': [
@@ -130,6 +132,7 @@ const parsedAlerts = {
       host: { name: ['Host-4dbzugdlqd'] },
       _id: '38dd308706a127696cc63b8f142e8e4d66f8f79bc7d491dd79a42ea4ead62dd1',
       _index: '.internal.alerts-security.alerts-default-000001',
+      _score: 1,
     },
     {
       kibana: {
@@ -148,6 +151,7 @@ const parsedAlerts = {
       host: { name: ['Host-4dbzugdlqd'] },
       _id: '8361363c0db6f30ca2dfb4aeb4835e7d6ec57bc195b96d9ee5a4ead1bb9f8b86',
       _index: '.internal.alerts-security.alerts-default-000001',
+      _score: 1,
     },
   ],
   oldAlertsData: [
@@ -169,6 +173,10 @@ const parsedAlerts = {
         field: '_id',
         value: '38dd308706a127696cc63b8f142e8e4d66f8f79bc7d491dd79a42ea4ead62dd1',
       },
+      {
+        field: '_score',
+        value: 1,
+      },
       { field: '_index', value: '.internal.alerts-security.alerts-default-000001' },
     ],
     [
@@ -189,6 +197,10 @@ const parsedAlerts = {
         field: '_id',
         value: '8361363c0db6f30ca2dfb4aeb4835e7d6ec57bc195b96d9ee5a4ead1bb9f8b86',
       },
+      {
+        field: '_score',
+        value: 1,
+      },
       { field: '_index', value: '.internal.alerts-security.alerts-default-000001' },
     ],
   ],

@@ -7,22 +7,22 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { catchError, filter, lastValueFrom, map, of } from 'rxjs';
+import type {
+  MappingRuntimeFields,
+  QueryDslFieldAndFormat,
+  QueryDslQueryContainer,
+  SortCombinations,
+} from '@elastic/elasticsearch/lib/api/types';
 import type {
   Alert,
   EsQuerySnapshot,
   LegacyField,
   RuleRegistrySearchRequest,
   RuleRegistrySearchResponse,
 } from '@kbn/alerting-types';
-import { set } from '@kbn/safer-lodash-set';
 import type { DataPublicPluginStart } from '@kbn/data-plugin/public';
-import type {
-  MappingRuntimeFields,
-  QueryDslFieldAndFormat,
-  QueryDslQueryContainer,
-  SortCombinations,
-} from '@elastic/elasticsearch/lib/api/types';
+import { set } from '@kbn/safer-lodash-set';
+import { catchError, filter, lastValueFrom, map, of } from 'rxjs';
 
 export interface SearchAlertsParams {
   // Dependencies
@@ -68,6 +68,14 @@ export interface SearchAlertsParams {
    * The page size to fetch
    */
   pageSize: number;
+  /**
+   * The minimum score to apply to the query
+   */
+  minScore?: number;
+  /**
+   * Whether to track the score of the query
+   */
+  trackScores?: boolean;
 }
 
 export interface SearchAlertsResult {
@@ -92,6 +100,8 @@ export const searchAlerts = ({
   runtimeMappings,
   pageIndex,
   pageSize,
+  minScore,
+  trackScores,
 }: SearchAlertsParams): Promise<SearchAlertsResult> =>
   lastValueFrom(
     data.search
@@ -104,6 +114,8 @@ export const searchAlerts = ({
           pagination: { pageIndex, pageSize },
           sort,
           runtimeMappings,
+          minScore,
+          trackScores,
         },
         {
           strategy: 'privateRuleRegistryAlertsSearchStrategy',
@@ -167,6 +179,7 @@ const parseAlerts = (rawResponse: RuleRegistrySearchResponse['rawResponse']) =>
       acc.push({
         ...hit.fields,
         _id: hit._id,
+        _score: hit._score,
         _index: hit._index,
       } as Alert);
     }

@@ -166,6 +166,7 @@ describe('useSearchAlertsQuery', () => {
             {
               _index: '.internal.alerts-security.alerts-default-000001',
               _id: '38dd308706a127696cc63b8f142e8e4d66f8f79bc7d491dd79a42ea4ead62dd1',
+              _score: 1,
               '@timestamp': ['2022-03-22T16:48:07.518Z'],
               'host.name': ['Host-4dbzugdlqd'],
               'kibana.alert.reason': [
@@ -180,6 +181,7 @@ describe('useSearchAlertsQuery', () => {
             {
               _index: '.internal.alerts-security.alerts-default-000001',
               _id: '8361363c0db6f30ca2dfb4aeb4835e7d6ec57bc195b96d9ee5a4ead1bb9f8b86',
+              _score: 1,
               '@timestamp': ['2022-03-22T16:17:50.769Z'],
               'host.name': ['Host-4dbzugdlqd'],
               'kibana.alert.reason': [
@@ -211,6 +213,7 @@ describe('useSearchAlertsQuery', () => {
               host: { name: ['Host-4dbzugdlqd'] },
               _id: '38dd308706a127696cc63b8f142e8e4d66f8f79bc7d491dd79a42ea4ead62dd1',
               _index: '.internal.alerts-security.alerts-default-000001',
+              _score: 1,
             },
             {
               kibana: {
@@ -229,6 +232,7 @@ describe('useSearchAlertsQuery', () => {
               host: { name: ['Host-4dbzugdlqd'] },
               _id: '8361363c0db6f30ca2dfb4aeb4835e7d6ec57bc195b96d9ee5a4ead1bb9f8b86',
               _index: '.internal.alerts-security.alerts-default-000001',
+              _score: 1,
             },
           ],
           oldAlertsData: [
@@ -250,6 +254,10 @@ describe('useSearchAlertsQuery', () => {
                 field: '_id',
                 value: '38dd308706a127696cc63b8f142e8e4d66f8f79bc7d491dd79a42ea4ead62dd1',
               },
+              {
+                field: '_score',
+                value: 1,
+              },
               { field: '_index', value: '.internal.alerts-security.alerts-default-000001' },
             ],
             [
@@ -270,6 +278,10 @@ describe('useSearchAlertsQuery', () => {
                 field: '_id',
                 value: '8361363c0db6f30ca2dfb4aeb4835e7d6ec57bc195b96d9ee5a4ead1bb9f8b86',
               },
+              {
+                field: '_score',
+                value: 1,
+              },
               { field: '_index', value: '.internal.alerts-security.alerts-default-000001' },
             ],
           ],

@@ -43,6 +43,8 @@ export const useSearchAlertsQuery = ({ data, ...params }: UseSearchAlertsQueryPa
     runtimeMappings,
     pageIndex = 0,
     pageSize = DEFAULT_ALERTS_PAGE_SIZE,
+    minScore,
+    trackScores,
   } = params;
   return useQuery({
     queryKey: queryKeyPrefix.concat(JSON.stringify(params)),
@@ -58,6 +60,8 @@ export const useSearchAlertsQuery = ({ data, ...params }: UseSearchAlertsQueryPa
         runtimeMappings,
         pageIndex,
         pageSize,
+        minScore,
+        trackScores,
       }),
     refetchOnWindowFocus: false,
     context: AlertsQueryContext,

diff --git a/src/platform/packages/shared/response-ops/alerts-table/components/alerts_table.tsx b/src/platform/packages/shared/response-ops/alerts-table/components/alerts_table.tsx
@@ -170,6 +170,8 @@ const AlertsTableContent = typedForwardRef(
       ruleTypeIds,
       consumers,
       query,
+      minScore,
+      trackScores = false,
       initialSort = DEFAULT_SORT,
       initialPageSize = DEFAULT_ALERTS_PAGE_SIZE,
       leadingControlColumns = DEFAULT_LEADING_CONTROL_COLUMNS,
@@ -277,6 +279,8 @@ const AlertsTableContent = typedForwardRef(
       runtimeMappings,
       pageIndex: 0,
       pageSize: initialPageSize,
+      minScore,
+      trackScores,
     });
 
     useEffect(() => {
@@ -287,6 +291,8 @@ const AlertsTableContent = typedForwardRef(
         query,
         sort,
         runtimeMappings,
+        minScore,
+        trackScores,
         // Go back to the first page if the query changes
         pageIndex: !deepEqual(prevQueryParams, {
           ruleTypeIds,
@@ -300,7 +306,7 @@ const AlertsTableContent = typedForwardRef(
           : oldPageIndex,
         pageSize: oldPageSize,
       }));
-    }, [ruleTypeIds, fields, query, runtimeMappings, sort, consumers]);
+    }, [ruleTypeIds, fields, query, runtimeMappings, sort, consumers, minScore, trackScores]);
 
     const {
       data: alertsData,

diff --git a/src/platform/packages/shared/response-ops/alerts-table/components/default_alerts_flyout.tsx b/src/platform/packages/shared/response-ops/alerts-table/components/default_alerts_flyout.tsx
@@ -12,6 +12,7 @@ import { EuiDescriptionList, EuiPanel, EuiTabbedContentTab, EuiTitle } from '@el
 import { ALERT_RULE_NAME } from '@kbn/rule-data-utils';
 import { i18n } from '@kbn/i18n';
 import { ScrollableFlyoutTabbedContent, AlertFieldsTable } from '@kbn/alerts-ui-shared';
+import { JsonValue } from '@kbn/utility-types';
 import { AdditionalContext, FlyoutSectionProps } from '../types';
 import { defaultAlertsTableColumns } from '../configuration';
 import { DefaultCellValue } from './default_cell_value';
@@ -43,7 +44,7 @@ export const DefaultAlertsFlyoutBody = <AC extends AdditionalContext>(
         <EuiPanel hasShadow={false} data-test-subj="overviewTabPanel">
           <EuiDescriptionList
             listItems={(columns ?? defaultAlertsTableColumns).map((column) => {
-              const value = alert[column.id]?.[0];
+              const value = (alert[column.id] as JsonValue[])?.[0];
 
               return {
                 title: (column.displayAsText as string) ?? column.id,

diff --git a/src/platform/packages/shared/response-ops/alerts-table/components/default_cell_value.tsx b/src/platform/packages/shared/response-ops/alerts-table/components/default_cell_value.tsx
@@ -94,7 +94,7 @@ export const DefaultCellValue = ({
 /**
  * Extracts the value from the raw json ES field
  */
-const extractFieldValue = (rawValue: string | JsonValue[]) => {
+const extractFieldValue = (rawValue: string | number | JsonValue[]) => {
   const value = Array.isArray(rawValue) ? rawValue.join() : rawValue;
 
   if (!isEmpty(value)) {

diff --git a/src/platform/packages/shared/response-ops/alerts-table/types.ts b/src/platform/packages/shared/response-ops/alerts-table/types.ts
@@ -372,6 +372,8 @@ export interface PublicAlertsDataGridProps
     | 'columns'
   > {
   ruleTypeIds: string[];
+  minScore?: number;
+  trackScores?: boolean;
   consumers?: string[];
   /**
    * If true, shows a button in the table toolbar to inspect the search alerts request

diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -32435,8 +32435,6 @@
     "xpack.observability.pages.alertDetails.pageTitle.ruleName": "Règle",
     "xpack.observability.pages.alertDetails.pageTitle.title": "{ruleCategory} {ruleCategory, select, Anomaly {détectée} Inventory {seuil dépassé} other {dépassés}}",
     "xpack.observability.pages.alertDetails.pageTitle.triggered": "Déclenché",
-    "xpack.observability.pages.alertDetails.relatedAlerts.empty.description": "En raison d'une erreur inattendue, aucune alerte associée ne peut être trouvée.",
-    "xpack.observability.pages.alertDetails.relatedAlerts.empty.title": "Problème de chargement des alertes associées",
     "xpack.observability.profilingAWSCostDiscountRateUiSettingDescription": "Si vous êtes inscrits au programme de réduction AWS Enterprise Discount Program (EDP), entrez votre taux de réduction pour mettre à jour le calcul des coûts de profilage.",
     "xpack.observability.profilingAWSCostDiscountRateUiSettingName": "Taux de réduction AWS EDP (%)",
     "xpack.observability.profilingAzureCostDiscountRateUiSettingDescription": "Si vous avez un accord Azure Enterprise avec Microsoft, saisissez votre taux de réduction pour mettre à jour le calcul du coût de profilage.",

diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -32415,8 +32415,6 @@
     "xpack.observability.pages.alertDetails.pageTitle.ruleName": "ルール",
     "xpack.observability.pages.alertDetails.pageTitle.title": "{ruleCategory} {ruleCategory, select, Anomaly {検出されました} Inventory {しきい値に違反しました} other {違反しました}}",
     "xpack.observability.pages.alertDetails.pageTitle.triggered": "実行済み",
-    "xpack.observability.pages.alertDetails.relatedAlerts.empty.description": "予期しないエラーのため、関連するアラートが見つかりません。",
-    "xpack.observability.pages.alertDetails.relatedAlerts.empty.title": "関連するアラートの読み込みエラー",
     "xpack.observability.profilingAWSCostDiscountRateUiSettingDescription": "AWS Enterprise Discount Program（EDP）に加入している場合は、割引率を入力してプロファイリング費用の計算を更新します。",
     "xpack.observability.profilingAWSCostDiscountRateUiSettingName": "AWS EDP割引率（%）",
     "xpack.observability.profilingAzureCostDiscountRateUiSettingDescription": "MicrosoftとのAzureエンタープライズ契約がある場合は、割引率を入力して、プロファイリングコスト計算を更新してください。",

diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -32470,8 +32470,6 @@
     "xpack.observability.pages.alertDetails.pageTitle.ruleName": "规则",
     "xpack.observability.pages.alertDetails.pageTitle.title": "{ruleCategory} {ruleCategory, select, Anomaly {已检测到} Inventory {超出阈值} other {已超出}}",
     "xpack.observability.pages.alertDetails.pageTitle.triggered": "已触发",
-    "xpack.observability.pages.alertDetails.relatedAlerts.empty.description": "由于出现意外错误，找不到相关告警。",
-    "xpack.observability.pages.alertDetails.relatedAlerts.empty.title": "加载相关告警时出现问题",
     "xpack.observability.profilingAWSCostDiscountRateUiSettingDescription": "如果已加入 AWS 企业折扣计划 (EDP)，请输入您的折扣率以更新分析成本计算。",
     "xpack.observability.profilingAWSCostDiscountRateUiSettingName": "AWS EDP 折扣率 (%)",
     "xpack.observability.profilingAzureCostDiscountRateUiSettingDescription": "如果与 Microsoft 签署了 Azure 企业协议，请输入您的折扣率以更新分析成本计算。",