elastic · maximpn · Mar 24, 2026 · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026
@@ -166,6 +166,7 @@ enabled:
   - x-pack/platform/test/alerting_api_integration/spaces_only/tests/alerting/group3/config.ts
   - x-pack/platform/test/alerting_api_integration/spaces_only/tests/alerting/group4/config.ts
   - x-pack/platform/test/alerting_api_integration/spaces_only/tests/alerting/group4/config_with_schedule_circuit_breaker.ts
+  - x-pack/platform/test/alerting_api_integration/spaces_only/tests/alerting/group5/config.ts
   - x-pack/platform/test/alerting_api_integration/spaces_only/tests/actions/config.ts
   - x-pack/platform/test/alerting_api_integration/spaces_only/tests/action_task_params/config.ts
   - x-pack/platform/test/alerting_api_integration/spaces_only/tests/actions/connector_types/stack/email_recipient_allowlist/config.ts

@@ -517,6 +517,7 @@ describe('create()', () => {
               "metrics": Object {
                 "duration": 0,
                 "gap_duration_s": null,
+                "gap_range": null,
                 "total_alerts_created": null,
                 "total_alerts_detected": null,
                 "total_indexing_duration_ms": null,
@@ -754,6 +755,7 @@ describe('create()', () => {
               "metrics": Object {
                 "duration": 0,
                 "gap_duration_s": null,
+                "gap_range": null,
                 "total_alerts_created": null,
                 "total_alerts_detected": null,
                 "total_indexing_duration_ms": null,
@@ -1489,8 +1491,7 @@ describe('create()', () => {
               metrics: {
                 duration: 0,
                 gap_duration_s: null,
-                // TODO: uncomment after intermidiate release
-                // gap_range: null,
+                gap_range: null,
                 total_alerts_created: null,
                 total_alerts_detected: null,
                 total_indexing_duration_ms: null,
@@ -2642,8 +2643,7 @@ describe('create()', () => {
               metrics: {
                 duration: 0,
                 gap_duration_s: null,
-                // TODO: uncomment after intermidiate release
-                // gap_range: null,
+                gap_range: null,
                 total_alerts_created: null,
                 total_alerts_detected: null,
                 total_indexing_duration_ms: null,

@@ -6,14 +6,19 @@
  */
 
 import * as uuid from 'uuid';
+import { set } from '@kbn/safer-lodash-set';
 import type { IEvent, IEventLogger, InternalFields } from '@kbn/event-log-plugin/server';
 import { millisToNanos, SAVED_OBJECT_REL_PRIMARY } from '@kbn/event-log-plugin/server';
 import type { BulkResponse } from '@elastic/elasticsearch/lib/api/types';
 import { EVENT_LOG_ACTIONS } from '../../plugin';
 import type { UntypedNormalizedRuleType } from '../../rule_type_registry';
 import { RULE_SAVED_OBJECT_TYPE } from '../../saved_objects';
 import type { TaskRunnerTimings } from '../../task_runner/task_runner_timer';
-import type { AlertInstanceState, RuleExecutionStatus } from '../../types';
+import type {
+  AlertInstanceState,
+  ConsumerExecutionMetrics,
+  RuleExecutionStatus,
+} from '../../types';
 import { createAlertEventLogRecordObject } from '../create_alert_event_log_record_object';
 import type { RuleRunMetrics } from '../rule_run_metrics_store';
 import { Gap } from '../rule_gaps/gap';
@@ -24,6 +29,7 @@ const Millis2Nanos = 1000 * 1000;
 
 export interface RuleContext {
   id: string;
+  uuid?: string;
   type: UntypedNormalizedRuleType;
   consumer?: string;
   name?: string;
@@ -58,6 +64,7 @@ interface DoneOpts {
   timings?: TaskRunnerTimings;
   status?: RuleExecutionStatus;
   metrics?: RuleRunMetrics | null;
+  consumerMetrics?: Partial<ConsumerExecutionMetrics> | null;
   backfill?: BackfillOpts;
 }
 
@@ -214,12 +221,14 @@ export class AlertingEventLogger {
   public addOrUpdateRuleData({
     name,
     id,
+    uuid: ruleUuid,
     consumer,
     type,
     revision,
   }: {
     name?: string;
     id?: string;
+    uuid?: string;
     consumer?: string;
     revision?: number;
     type?: UntypedNormalizedRuleType;
@@ -236,6 +245,10 @@ export class AlertingEventLogger {
       };
     }
 
+    if (ruleUuid) {
+      this.ruleData.uuid = ruleUuid;
+    }
+
     if (name) {
       this.ruleData.name = name;
     }
@@ -266,6 +279,7 @@ export class AlertingEventLogger {
     updateEventWithRuleData(this.event, {
       ruleName: name,
       ruleId: id,
+      ruleUuid,
       ruleType: type,
       consumer,
       revision,
@@ -345,7 +359,7 @@ export class AlertingEventLogger {
     );
   }
 
-  public done({ status, metrics, timings, backfill }: DoneOpts) {
+  public done({ status, metrics, consumerMetrics, timings, backfill }: DoneOpts) {
     if (!this.isInitialized || !this.event || !this.context) {
       throw new Error('AlertingEventLogger not initialized');
     }
@@ -385,6 +399,10 @@ export class AlertingEventLogger {
       updateEvent(this.event, { metrics });
     }
 
+    if (consumerMetrics) {
+      updateEvent(this.event, { consumerMetrics });
+    }
+
     if (timings) {
       updateEvent(this.event, { timings });
     }
@@ -607,6 +625,7 @@ interface UpdateEventOpts {
   status?: string;
   reason?: string;
   metrics?: RuleRunMetrics;
+  consumerMetrics?: Partial<ConsumerExecutionMetrics>;
   timings?: TaskRunnerTimings;
   backfill?: BackfillOpts;
   maintenanceWindowIds?: string[];
@@ -615,14 +634,15 @@ interface UpdateEventOpts {
 interface UpdateRuleOpts {
   ruleName?: string;
   ruleId?: string;
+  ruleUuid?: string;
   consumer?: string;
   ruleType?: UntypedNormalizedRuleType;
   revision?: number;
   savedObjects?: SavedObjects[];
 }
 
 export function updateEventWithRuleData(event: IEvent, opts: UpdateRuleOpts) {
-  const { ruleName, ruleId, consumer, ruleType, revision, savedObjects } = opts;
+  const { ruleName, ruleId, ruleUuid, consumer, ruleType, revision, savedObjects } = opts;
   if (!event) {
     throw new Error('Cannot update event because it is not initialized.');
   }
@@ -641,6 +661,13 @@ export function updateEventWithRuleData(event: IEvent, opts: UpdateRuleOpts) {
     };
   }
 
+  if (ruleUuid) {
+    event.rule = {
+      ...event.rule,
+      uuid: ruleUuid,
+    };
+  }
+
   if (consumer) {
     event.kibana = event.kibana || {};
     event.kibana.alert = event.kibana.alert || {};
@@ -673,7 +700,8 @@ export function updateEventWithRuleData(event: IEvent, opts: UpdateRuleOpts) {
     }
   }
 
-  if (revision) {
+  // revision is a non-negative integer. We'd like to capture 0 as well.
+  if (revision !== undefined) {
     event.kibana = event.kibana || {};
     event.kibana.alert = event.kibana.alert || {};
     event.kibana.alert.rule = event.kibana.alert.rule || {};
@@ -700,6 +728,7 @@ export function updateEvent(event: IEvent, opts: UpdateEventOpts) {
     status,
     reason,
     metrics,
+    consumerMetrics,
     timings,
     alertingOutcome,
     backfill,
@@ -764,6 +793,19 @@ export function updateEvent(event: IEvent, opts: UpdateEventOpts) {
     };
   }
 
+  if (consumerMetrics) {
+    set(event, 'kibana.alert.rule.execution.metrics', {
+      ...event.kibana?.alert?.rule?.execution?.metrics,
+      alerts_candidate_count: consumerMetrics.alerts_candidate_count,
+      alerts_suppressed_count: consumerMetrics.alerts_suppressed_count,
+      frozen_indices_queried_count: consumerMetrics.frozen_indices_queried_count,
+      total_indexing_duration_ms: consumerMetrics.total_indexing_duration_ms,
+      total_enrichment_duration_ms: consumerMetrics.total_enrichment_duration_ms,
+      execution_gap_duration_s: consumerMetrics.gap_duration_s,
+      gap_range: consumerMetrics.gap_range,
+    });
+  }
+
   if (backfill) {
     event.kibana = event.kibana || {};
     event.kibana.alert = event.kibana.alert || {};

@@ -107,8 +107,7 @@ describe('resetMonitoringLastRun', () => {
       total_alerts_detected: null,
       total_alerts_created: null,
       gap_duration_s: null,
-      // TODO: uncomment after intermidiate release
-      // gap_range: null,
+      gap_range: null,
     });
   });
 

@@ -21,8 +21,7 @@ const INITIAL_LAST_RUN_METRICS: RuleMonitoringLastRunMetrics = {
   total_alerts_detected: null,
   total_alerts_created: null,
   gap_duration_s: null,
-  // TODO: uncomment after intermidiate release
-  // gap_range: null,
+  gap_range: null,
 };
 
 export const getDefaultMonitoring = (timestamp: string): RawRuleMonitoring => {

@@ -133,11 +133,9 @@ const createAbortableSearchServiceMock = () => {
 
 const createRuleMonitoringServiceMock = () => {
   const mock = lazyObject({
-    setLastRunMetricsTotalSearchDurationMs: jest.fn(),
-    setLastRunMetricsTotalIndexingDurationMs: jest.fn(),
-    setLastRunMetricsTotalAlertsDetected: jest.fn(),
-    setLastRunMetricsTotalAlertsCreated: jest.fn(),
-    setLastRunMetricsGapDurationS: jest.fn(),
+    setMetric: jest.fn(),
+    setMetrics: jest.fn(),
+    clearGapRange: jest.fn(),
   }) as unknown as jest.Mocked<PublicRuleMonitoringService>;
 
   return mock;

@@ -8,8 +8,9 @@
 function createRuleMonitoringServiceMock() {
   return jest.fn().mockImplementation(() => {
     return {
+      addFrameworkMetrics: jest.fn(),
       addHistory: jest.fn(),
-      getLastRunMetricsSetters: jest.fn(),
+      getSetters: jest.fn(),
       getMonitoring: jest.fn(),
       setLastRunMetricsDuration: jest.fn(),
       setMonitoring: jest.fn(),
@@ -20,12 +21,9 @@ function createRuleMonitoringServiceMock() {
 function createPublicRuleMonitoringServiceMock() {
   return jest.fn().mockImplementation(() => {
     return {
-      setLastRunMetricsGapDurationS: jest.fn(),
-      setLastRunMetricsTotalAlertsCreated: jest.fn(),
-      setLastRunMetricsTotalAlertsDetected: jest.fn(),
-      setLastRunMetricsTotalIndexingDurationMs: jest.fn(),
-      setLastRunMetricsTotalSearchDurationMs: jest.fn(),
-      setLastRunMetricsGapRange: jest.fn(),
+      setMetric: jest.fn(),
+      setMetrics: jest.fn(),
+      clearGapRange: jest.fn(),
     };
   });
 }