Skip to content

[8.19] [Custom threshold] Save group by information with dynamic mapping (#219826)#221476

Merged
maryam-saeidi merged 3 commits intoelastic:8.19from
maryam-saeidi:backport/8.19/pr-219826
May 26, 2025
Merged

[8.19] [Custom threshold] Save group by information with dynamic mapping (#219826)#221476
maryam-saeidi merged 3 commits intoelastic:8.19from
maryam-saeidi:backport/8.19/pr-219826

Conversation

@maryam-saeidi
Copy link
Member

@maryam-saeidi maryam-saeidi commented May 26, 2025

Backport

This will backport the following commits from main to 8.19:

Questions ?

Please refer to the Backport tool documentation

@maryam-saeidi
[Custom threshold] Save group by information with dynamic mapping (el…
99c1b48 
…astic#219826)

Relaetd to elastic#183248
Auto-increasing mapping limit PR:
elastic#216719

## Summary

In this PR, we are saving dynamically mapped group by information for
the custom threshold rule. This consists of two parts:

1. Adding a dynamic field
```
// kibana.alert.grouping
[ALERT_GROUPING]: {
    type: 'object',
    dynamic: true,
    array: false,
    required: false,
  },
```
2. Adding a dynamic template
```
dynamicTemplates: [
      {
        strings_as_keywords: {
          path_match: 'kibana.alert.grouping.*',
          match_mapping_type: 'string',
          mapping: {
            type: 'keyword',
            ignore_above: 1024,
          },
        },
      },
    ],
```

The result of adding these mappings can be seen below:
|Alert|Mapping|
|---|---|

|![image](https://github.com/user-attachments/assets/811b547b-b270-471c-92e5-582dc09b7957)|![image](https://github.com/user-attachments/assets/00389406-109a-4302-8966-5f249e4c1512)|

If the number of mapping limit is exceeded, the fields that are not
mapped are going to be added to the `_ignored` field, but the value is
available in the doc.

<img
src="https://github.com/user-attachments/assets/b84bcf03-b757-4f37-a93f-2559aefa5bcf"
width=500 />

(cherry picked from commit 1ec3296)

# Conflicts:
#	x-pack/solutions/observability/plugins/observability/server/lib/rules/custom_threshold/custom_threshold_executor.ts
@maryam-saeidi maryam-saeidi added the backport This PR is a backport of another PR label May 26, 2025
@maryam-saeidi maryam-saeidi enabled auto-merge (squash) May 26, 2025 07:33
@botelastic botelastic bot added the Team:actionable-obs Formerly "obs-ux-management", responsible for SLO, o11y alerting, significant events, & synthetics. label May 26, 2025
@maryam-saeidi maryam-saeidi mentioned this pull request May 26, 2025
Merged
@elasticmachine
Copy link
Contributor

elasticmachine commented May 26, 2025

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

@elasticmachine
Copy link
Contributor

elasticmachine commented May 26, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #3 / Synthetics API Tests SyncGlobalParams parsed params for previously added http monitors

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/alerting-rule-utils 13 17 +4
@kbn/rule-data-utils 180 181 +1
total +5

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
apm 2.6MB 2.6MB +10.0B
cases 1.3MB 1.3MB +5.0B
embeddableAlertsTable 798.3KB 798.3KB +5.0B
infra 1.6MB 1.6MB +14.0B
ml 5.4MB 5.4MB +5.0B
observability 1.3MB 1.3MB +55.0B
securitySolution 9.2MB 9.2MB +5.0B
slo 938.3KB 938.3KB +5.0B
triggersActionsUi 1.4MB 1.4MB +5.0B
total +109.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
observability 93.8KB 93.8KB +30.0B
timelines 177.7KB 177.8KB +73.0B
total +103.0B
Unknown metric groups

API count

id before after diff
@kbn/alerting-rule-utils 13 17 +4
@kbn/rule-data-utils 192 193 +1
total +5

History

@maryam-saeidi maryam-saeidi merged commit 7a304ff into elastic:8.19 May 26, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kdelemme kdelemme kdelemme approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR Team:actionable-obs Formerly "obs-ux-management", responsible for SLO, o11y alerting, significant events, & synthetics.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@maryam-saeidi @elasticmachine @kdelemme @kibanamachine