[Custom threshold] Save group by information with dynamic mapping#219826
Merged
maryam-saeidi merged 24 commits intoelastic:mainfrom May 24, 2025
Merged
[Custom threshold] Save group by information with dynamic mapping#219826maryam-saeidi merged 24 commits intoelastic:mainfrom
maryam-saeidi merged 24 commits intoelastic:mainfrom
Conversation
maryam-saeidi
added
release_note:skip
Collaborator
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) ✅ license/snyk check is complete. No issues have been found. (View Details) |
maryam-saeidi
added
release_note:feature
maryam-saeidi
changed the title
maryam-saeidi
added
backport:version
botelastic
bot
added
the
Team:actionable-obs
Contributor
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
maryam-saeidi
added
the
author:obs-ux-management
maryam-saeidi
force-pushed
the
183248-dynamically-mapped-groups
branch
from
b9d16e3 to
6da4ea4
Compare
Contributor
|
@maryam-saeidi I read through the above mentioned issues to get the context and understand what I need to review here. Here's a rule that I created and what I got. I created a rule with group by 
|
Member
Author
@mgiota Yes, having both Regarding tags, I will take a look to see what the issue is, but since Kevin mentioned this issue before, it seems unrelated to this PR. |
Member
Author
ersin-erdal
approved these changes
May 23, 2025
Member
Author
We will add this field to other observability rules as well, so it aligns with the direction that we are going. |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
History
|
Contributor
|
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15227438358 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
Member
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
1 task
maryam-saeidi
added a commit
that referenced
this pull request
May 26, 2025
…ing (#219826) (#221476) # Backport This will backport the following commits from `main` to `8.19`: - [[Custom threshold] Save group by information with dynamic mapping (#219826)](#219826) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maryam Saeidi","email":"maryam.saeidi@elastic.co"},"sourceCommit":{"committedDate":"2025-05-24T13:17:43Z","message":"[Custom threshold] Save group by information with dynamic mapping (#219826)\n\nRelaetd to #183248 \nAuto-increasing mapping limit PR:\nhttps://github.com//pull/216719\n\n## Summary\n\nIn this PR, we are saving dynamically mapped group by information for\nthe custom threshold rule. This consists of two parts:\n\n1. Adding a dynamic field\n```\n// kibana.alert.grouping\n[ALERT_GROUPING]: {\n type: 'object',\n dynamic: true,\n array: false,\n required: false,\n },\n```\n2. Adding a dynamic template\n```\ndynamicTemplates: [\n {\n strings_as_keywords: {\n path_match: 'kibana.alert.grouping.*',\n match_mapping_type: 'string',\n mapping: {\n type: 'keyword',\n ignore_above: 1024,\n },\n },\n },\n ],\n```\n\nThe result of adding these mappings can be seen below:\n|Alert|Mapping|\n|---|---|\n\n|||\n\nIf the number of mapping limit is exceeded, the fields that are not\nmapped are going to be added to the `_ignored` field, but the value is\navailable in the doc.\n\n<img\nsrc=\"https://github.com/user-attachments/assets/b84bcf03-b757-4f37-a93f-2559aefa5bcf\"\nwidth=500 />","sha":"1ec32967f857f6e6e2b9f45f4da5751997254e4e","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:feature","Team:obs-ux-management","backport:version","v9.1.0","v8.19.0","author:obs-ux-management"],"title":"[Custom threshold] Save group by information with dynamic mapping","number":219826,"url":"https://github.com/elastic/kibana/pull/219826","mergeCommit":{"message":"[Custom threshold] Save group by information with dynamic mapping (#219826)\n\nRelaetd to #183248 \nAuto-increasing mapping limit PR:\nhttps://github.com//pull/216719\n\n## Summary\n\nIn this PR, we are saving dynamically mapped group by information for\nthe custom threshold rule. This consists of two parts:\n\n1. Adding a dynamic field\n```\n// kibana.alert.grouping\n[ALERT_GROUPING]: {\n type: 'object',\n dynamic: true,\n array: false,\n required: false,\n },\n```\n2. Adding a dynamic template\n```\ndynamicTemplates: [\n {\n strings_as_keywords: {\n path_match: 'kibana.alert.grouping.*',\n match_mapping_type: 'string',\n mapping: {\n type: 'keyword',\n ignore_above: 1024,\n },\n },\n },\n ],\n```\n\nThe result of adding these mappings can be seen below:\n|Alert|Mapping|\n|---|---|\n\n|||\n\nIf the number of mapping limit is exceeded, the fields that are not\nmapped are going to be added to the `_ignored` field, but the value is\navailable in the doc.\n\n<img\nsrc=\"https://github.com/user-attachments/assets/b84bcf03-b757-4f37-a93f-2559aefa5bcf\"\nwidth=500 />","sha":"1ec32967f857f6e6e2b9f45f4da5751997254e4e"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/219826","number":219826,"mergeCommit":{"message":"[Custom threshold] Save group by information with dynamic mapping (#219826)\n\nRelaetd to #183248 \nAuto-increasing mapping limit PR:\nhttps://github.com//pull/216719\n\n## Summary\n\nIn this PR, we are saving dynamically mapped group by information for\nthe custom threshold rule. This consists of two parts:\n\n1. Adding a dynamic field\n```\n// kibana.alert.grouping\n[ALERT_GROUPING]: {\n type: 'object',\n dynamic: true,\n array: false,\n required: false,\n },\n```\n2. Adding a dynamic template\n```\ndynamicTemplates: [\n {\n strings_as_keywords: {\n path_match: 'kibana.alert.grouping.*',\n match_mapping_type: 'string',\n mapping: {\n type: 'keyword',\n ignore_above: 1024,\n },\n },\n },\n ],\n```\n\nThe result of adding these mappings can be seen below:\n|Alert|Mapping|\n|---|---|\n\n|||\n\nIf the number of mapping limit is exceeded, the fields that are not\nmapped are going to be added to the `_ignored` field, but the value is\navailable in the doc.\n\n<img\nsrc=\"https://github.com/user-attachments/assets/b84bcf03-b757-4f37-a93f-2559aefa5bcf\"\nwidth=500 />","sha":"1ec32967f857f6e6e2b9f45f4da5751997254e4e"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
May 29, 2025
…astic#219826) Relaetd to elastic#183248 Auto-increasing mapping limit PR: elastic#216719 ## Summary In this PR, we are saving dynamically mapped group by information for the custom threshold rule. This consists of two parts: 1. Adding a dynamic field ``` // kibana.alert.grouping [ALERT_GROUPING]: { type: 'object', dynamic: true, array: false, required: false, }, ``` 2. Adding a dynamic template ``` dynamicTemplates: [ { strings_as_keywords: { path_match: 'kibana.alert.grouping.*', match_mapping_type: 'string', mapping: { type: 'keyword', ignore_above: 1024, }, }, }, ], ``` The result of adding these mappings can be seen below: |Alert|Mapping| |---|---| ||| If the number of mapping limit is exceeded, the fields that are not mapped are going to be added to the `_ignored` field, but the value is available in the doc. <img src="https://github.com/user-attachments/assets/b84bcf03-b757-4f37-a93f-2559aefa5bcf" width=500 />
This was referenced Jun 20, 2025
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Relaetd to #183248
Auto-increasing mapping limit PR: #216719
Summary
In this PR, we are saving dynamically mapped group by information for the custom threshold rule. This consists of two parts:
The result of adding these mappings can be seen below:
If the number of mapping limit is exceeded, the fields that are not mapped are going to be added to the
_ignoredfield, but the value is available in the doc.