diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts index 9ffc0821ca5e1..279485ba8d669 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts @@ -450,6 +450,14 @@ export const TELEMETRY_INDEX_SETTINGS_EVENT: EventTypeOpts = { type: 'keyword', _meta: { description: 'The name of the index.' }, }, + index_mode: { + type: 'keyword', + _meta: { optional: true, description: 'Index mode.' }, + }, + source_mode: { + type: 'keyword', + _meta: { optional: true, description: 'Source mode.' }, + }, default_pipeline: { type: 'keyword', _meta: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/indices.metadata.types.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/indices.metadata.types.ts index 645f5261391df..809db76ed5bab 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/indices.metadata.types.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/indices.metadata.types.ts @@ -89,8 +89,10 @@ export interface IndicesSettings { export interface IndexSettings { index_name: string; + index_mode?: string; default_pipeline?: string; final_pipeline?: string; + source_mode?: string; } export interface Index { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/receiver.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/receiver.ts index b558c8aec5840..5414677af5924 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/receiver.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/receiver.ts @@ -1344,8 +1344,10 @@ export class TelemetryReceiver implements ITelemetryReceiver { index: '*', expand_wildcards: ['open', 'hidden'], filter_path: [ - '*.settings.index.final_pipeline', + '*.mappings._source.mode', '*.settings.index.default_pipeline', + '*.settings.index.final_pipeline', + '*.settings.index.mode', '*.settings.index.provided_name', ], }; @@ -1358,6 +1360,8 @@ export class TelemetryReceiver implements ITelemetryReceiver { index_name: index, default_pipeline: value.settings?.index?.default_pipeline, final_pipeline: value.settings?.index?.final_pipeline, + index_mode: value.settings?.index?.mode, + source_mode: value.mappings?._source?.mode, } as IndexSettings; }) ) diff --git a/x-pack/test/common/utils/security_solution/detections_response/tasks/indices_metadata.ts b/x-pack/test/common/utils/security_solution/detections_response/tasks/indices_metadata.ts index 12b1c357b7f4e..9e1e878bb9d66 100644 --- a/x-pack/test/common/utils/security_solution/detections_response/tasks/indices_metadata.ts +++ b/x-pack/test/common/utils/security_solution/detections_response/tasks/indices_metadata.ts @@ -6,6 +6,7 @@ */ import { Client } from '@elastic/elasticsearch'; +import type { IndicesPutIndexTemplateRequest } from '@elastic/elasticsearch/lib/api/types'; const INGEST_PIPELINE_PREFIX = 'testing-ingest-pipeline'; const DS_PREFIX = 'testing-datastream'; @@ -28,41 +29,44 @@ export const randomDatastream = async ( ): Promise => { const name = `${DS_PREFIX}-${Date.now()}`; - let settings = {}; + const indexTemplateBody: IndicesPutIndexTemplateRequest = { + name: DS_PREFIX, + index_patterns: [`${DS_PREFIX}-*`], + data_stream: {}, + template: { + settings: { + index: { + mode: 'standard', + mapping: {}, + }, + }, + }, + }; - if (opts.policyName) { - settings = { - ...settings, - 'index.lifecycle.name': opts.policyName, + if (opts.policyName && indexTemplateBody.template?.settings !== undefined) { + indexTemplateBody.template.settings.index = { + ...indexTemplateBody.template.settings.index, + lifecycle: { + name: opts.policyName, + }, }; } - if (opts.defaultPipeline) { - settings = { - ...settings, - 'index.default_pipeline': opts.defaultPipeline, + if (opts.defaultPipeline && indexTemplateBody.template?.settings !== undefined) { + indexTemplateBody.template.settings.index = { + ...indexTemplateBody.template.settings.index, + default_pipeline: opts.defaultPipeline, }; } - if (opts.finalPipeline) { - settings = { - ...settings, - 'index.final_pipeline': opts.finalPipeline, + if (opts.finalPipeline && indexTemplateBody.template?.settings !== undefined) { + indexTemplateBody.template.settings.index = { + ...indexTemplateBody.template.settings.index, + final_pipeline: opts.finalPipeline, }; } - const indexTemplateBody = { - index_patterns: [`${DS_PREFIX}-*`], - data_stream: {}, - template: { - settings, - }, - }; - - await es.indices.putIndexTemplate({ - name: DS_PREFIX, - body: indexTemplateBody, - }); + await es.indices.putIndexTemplate(indexTemplateBody); await es.indices.createDataStream({ name }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/telemetry/tasks/indices_metadata.ts b/x-pack/test/security_solution_api_integration/test_suites/telemetry/tasks/indices_metadata.ts index ac160b856178a..027ac390b74fe 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/telemetry/tasks/indices_metadata.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/telemetry/tasks/indices_metadata.ts @@ -228,6 +228,16 @@ export default ({ getService }: FtrProviderContext) => { expect(events.filter((v) => v.final_pipeline === finalPipeline)).toHaveLength(NUM_INDICES); }); + it('should publish index mode as part of index settings', async () => { + const events = await launchTaskAndWaitForEvents({ + eventTypes: [TELEMETRY_INDEX_SETTINGS_EVENT], + index: dsName, + }); + + expect(events.length).toEqual(NUM_INDICES); + expect(events.filter((v) => v.index_mode !== undefined)).toHaveLength(NUM_INDICES); + }); + it('should publish index templates', async () => { const events = await launchTaskAndWaitForEvents({ eventTypes: [TELEMETRY_INDEX_TEMPLATES_EVENT],