Skip to content

[Alerting v2] Dispatcher grouping modes, throttle strategies, and matcher autosuggestion #260249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kdelemme merged 304 commits into from
Apr 1, 2026
Merged

[Alerting v2] Dispatcher grouping modes, throttle strategies, and matcher autosuggestion #260249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
304 commits
Select commit Hold shift + click to select a range
b545c38
Merge branch 'main' into alerting_v2
cnasikas Feb 3, 2026
33b9ab6
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Feb 3, 2026
4a654d8
[ResponseOps][Alerting] Alerting v2: Director (#247673)
cnasikas Feb 3, 2026
9523239
Merge branch 'main' into alerting_v2
cnasikas Feb 4, 2026
d7744bc
Use query service in dispatcher, update query to follow latest mappin…
kdelemme Feb 4, 2026
b461eae
[Alerting v2] Simplify task registration pattern (#251707)
darnautov Feb 4, 2026
d05a11c
Merge branch 'main' into alerting_v2
cnasikas Feb 5, 2026
bfc177a
Alertingv2/dispatcher task (#251679)
kdelemme Feb 5, 2026
f54e553
[ResponseOps] Skip director on non alertable rules (#251916)
cnasikas Feb 5, 2026
1baccea
Merge branch 'main' into alerting_v2
cnasikas Feb 7, 2026
f1969c2
[ResponseOps][Alerting] Dedicated user service (#251876)
adcoelho Feb 9, 2026
726afe3
fix user service type
adcoelho Feb 9, 2026
dbf7e5d
Merge branch 'main' into alerting_v2
cnasikas Feb 9, 2026
c9e27dc
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 9, 2026
dc13f6e
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Feb 9, 2026
1cefc95
Fix SO mapping
cnasikas Feb 9, 2026
5667a7f
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 9, 2026
29e2060
Changes from node scripts/jest_integration -u src/core/server/integra…
kibanamachine Feb 9, 2026
e3d03b9
[ResponseOps] [Alerting] Use `kbn/data-streams` in alerting_v2 (#252073)
adcoelho Feb 10, 2026
8e6564c
Add config to disable the temp UI
cnasikas Feb 10, 2026
d3b5d25
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 10, 2026
2eda0d2
Merge branch 'main' into alerting_v2
cnasikas Feb 10, 2026
88dcd36
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Feb 10, 2026
adfe620
Introduce notification policy crud APIs and client (#251336)
kdelemme Feb 10, 2026
fee99f3
Merge branch 'main' into alerting_v2
cnasikas Feb 11, 2026
15eec99
Fix bug with the actions client
cnasikas Feb 11, 2026
df3dddb
Fix tests
cnasikas Feb 11, 2026
0b25227
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 11, 2026
3ea0083
Fix SO CI checks
cnasikas Feb 11, 2026
0f23493
Install json-stable-stringify
cnasikas Feb 11, 2026
00e2577
Changes from yarn openapi:bundle
kibanamachine Feb 11, 2026
5545fa3
TO FIX: Run node 'scripts/yarn_deduplicate && yarn kbn bootstrap' loc…
kibanamachine Feb 11, 2026
1ad57df
TO FIX: Run node 'scripts/check_pkg_json_semver_ranges && yarn kbn bo…
kibanamachine Feb 11, 2026
6419519
Changes from security: 3rd-party dependencies
kibanamachine Feb 11, 2026
49da8aa
Switch to stableStringify
cnasikas Feb 11, 2026
2aeac65
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 11, 2026
7aab6c5
Changes from node scripts/lint_ts_projects --fix
kibanamachine Feb 11, 2026
499b65c
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Feb 11, 2026
418868c
Remove json-stable-stringify
cnasikas Feb 11, 2026
4dacab8
Fix SO tests
cnasikas Feb 11, 2026
48b3fa9
Merge branch 'main' into alerting_v2
cnasikas Feb 12, 2026
01441f0
Fix task manager test
cnasikas Feb 12, 2026
aea6181
[Alerting v2] Update rule attribues (#252754)
darnautov Feb 13, 2026
a71c517
Merge branch 'main' into alerting_v2
cnasikas Feb 13, 2026
9221cba
[Alerting] Alerting v2: Implement the CountTimeframeStrategy for the …
cnasikas Feb 14, 2026
613fe4a
Merge branch 'main' into alerting_v2
cnasikas Feb 16, 2026
0ef833e
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 16, 2026
f49fb6c
Fix limits
cnasikas Feb 18, 2026
669df6d
Merge branch 'main' into alerting_v2
cnasikas Feb 18, 2026
7eaf39e
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Feb 19, 2026
c1b6aae
Merge branch 'main' into alerting_v2
cnasikas Feb 19, 2026
a0eeb9f
[Alerting v2] Make evaluation.query.condition optional (#253668)
darnautov Feb 19, 2026
c9b190e
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 19, 2026
4c652c5
feat(rna): alert suppression (#252174)
kdelemme Feb 19, 2026
9907aa9
feat(rna): add getRules client method (#253355)
kdelemme Feb 19, 2026
e14c338
[Alerting v2] Add recovery event generation to rule execution pipelin…
darnautov Feb 20, 2026
5235d89
Merge branch 'main' into alerting_v2
kdelemme Feb 20, 2026
6ed6b4e
[Alerting V2] [UI] Add create rule flyout in discover (#250961)
dominiqueclarke Feb 20, 2026
741c5bd
Merge branch 'main' into alerting_v2
cnasikas Feb 23, 2026
1233d09
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 23, 2026
b03c893
Changes from node scripts/generate codeowners
kibanamachine Feb 23, 2026
d74551b
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Feb 23, 2026
0b24ae8
Merge branch 'main' into alerting_v2
kdelemme Feb 24, 2026
9be25cc
chore(rna): update notification policy (#253134)
kdelemme Feb 25, 2026
0ecb747
Merge branch 'main' into alerting_v2
cnasikas Feb 26, 2026
beb1c7b
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
cnasikas Feb 26, 2026
22cf36b
Fix limits
cnasikas Feb 26, 2026
2c62660
[ResponseOps][AlertingV2] Add `ApmMiddleware` to the rule executor (#…
adcoelho Feb 26, 2026
d8e74fb
[ResponseOps][AlertingV2] Add the withAPM decorator and apply it to t…
adcoelho Feb 26, 2026
10726d5
Merge branch 'main' into alerting_v2
cnasikas Feb 27, 2026
05104fc
Changes from node scripts/lint_ts_projects --fix
kibanamachine Feb 27, 2026
6e540c6
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Feb 27, 2026
7b5e695
[Alerting] Alerting v2: Add support of streaming in the rule executor…
cnasikas Feb 27, 2026
5b6a232
Wait for resources before scheduling dispatcher task (#255332)
kdelemme Feb 27, 2026
26fcc09
Update alerting-v2 owner to new rna project team (#255120)
jasonrhodes Feb 27, 2026
4439bea
Ran node scripts/generate codeowners for this branch
jasonrhodes Feb 27, 2026
7a52b28
Alerting_v2: Dispatcher notification policy (#252758)
kdelemme Feb 27, 2026
1af0e3e
[Alerting v2] [Rule form] provide services via context (#255427)
dominiqueclarke Mar 2, 2026
920d138
Merge branch 'main' into alerting_v2
kdelemme Mar 3, 2026
8aef0c4
Merge branch 'main' into alerting_v2
kdelemme Mar 3, 2026
5d28fee
Migrate to @elastic/esql
kdelemme Mar 3, 2026
a1e5787
Changes from node scripts/lint_ts_projects --fix
kibanamachine Mar 4, 2026
56f0af5
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 4, 2026
60d2b9f
[ResponseOps][AlertingV2] Rename indexes for alert events and actions…
adcoelho Mar 4, 2026
c5754e7
fix integration test
kdelemme Mar 4, 2026
f652a0c
Store API key owner on Notification Policy (#254808)
kdelemme Mar 4, 2026
2c92a09
[ResponseOps] [Alerting V2] Fix linting problem in apm middleware. (#…
adcoelho Mar 5, 2026
86e6b2e
Add notification policies UI and Storybook form story (#255599)
kdelemme Mar 5, 2026
f208ae7
[ResponseOps][Alerting V2] ESQL views (#255968)
adcoelho Mar 6, 2026
538170f
[ResponseOps][AlertingV2] OAS for alert action routes (#255810)
adcoelho Mar 6, 2026
ae26877
Fix np test
kdelemme Mar 6, 2026
c88145d
Fix np test
kdelemme Mar 6, 2026
78aff2c
Fix suppression query (#256486)
kdelemme Mar 6, 2026
b36ab75
[Alerting V2] [UI] Add activation configuration fields to alerting V2…
yiannisnikolopoulos Mar 6, 2026
bdb735a
[Alerting v2] foundational rule list (#256260)
dominiqueclarke Mar 6, 2026
e85927a
[Alerting v2] MVP rule form, Split evaluation condition, and Recovery…
dominiqueclarke Mar 9, 2026
ef938ea
[Alerting V2] Create episodes esql view (#256697)
adcoelho Mar 10, 2026
565217c
Store 'unmatched' action for unmatched alert episodes (#256527)
kdelemme Mar 10, 2026
f03fc40
[Alerting v2] [Rule authoring] Move consecutive breaches max to share…
yiannisnikolopoulos Mar 10, 2026
c732037
[Alerting v2] [Rule authoring] wire up edit flow (#256756)
dominiqueclarke Mar 10, 2026
30a30e6
Use stored encrypted API keys from Notification Policy in dispatcher …
kdelemme Mar 10, 2026
8440a84
[Alerting v2] Rule authoring - Preview query and design parity (#256818)
dominiqueclarke Mar 11, 2026
ca6989c
[Alerting v2] - rule form - remove all React.FC (#257246)
dominiqueclarke Mar 11, 2026
a3e5e83
[Alerting v2] add enable/disable and clone rule to rule list (#257017)
dominiqueclarke Mar 12, 2026
d475cb5
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 12, 2026
afd1b34
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
darnautov Mar 12, 2026
8115521
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 12, 2026
647c1e6
[Alerting v2] rule form - fix test (#257415)
dominiqueclarke Mar 12, 2026
45011e5
[Alerting v2] [Rule authoring] Allow clearing number inputs in state …
yiannisnikolopoulos Mar 12, 2026
edb084d
fix: Refactor SO services to use inversify DI for client initializati…
darnautov Mar 12, 2026
f3efafa
[Alerting v2] [Rule authoring] Block comma key in number input compon…
yiannisnikolopoulos Mar 12, 2026
eea040f
Make notification policies global with optional rule-label scoping (#…
kdelemme Mar 12, 2026
3cab1ea
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 13, 2026
37c33bb
Merge branch 'alerting_v2' of github.com:elastic/kibana into alerting_v2
darnautov Mar 13, 2026
95588c9
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 13, 2026
97582c7
Update moon configs
darnautov Mar 13, 2026
735dc20
update SAVED_OBJECT_TYPES_COUNT
darnautov Mar 13, 2026
79fe69f
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 13, 2026
a5e5428
disable plugin by default
darnautov Mar 13, 2026
24338af
[AlertingV2] Rule execution history and status (#254990)
doakalexi Mar 13, 2026
5df7250
[Alerting V2] Update the alert episodes view query. (#257347)
adcoelho Mar 16, 2026
4927a86
fix: Update CI tests for disabled-by-default alerting_v2 plugin (#257…
darnautov Mar 16, 2026
7141882
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 16, 2026
84203ac
fix: enable alerting_v2 plugin in dispatcher integration tests
darnautov Mar 16, 2026
771403f
fix task_event_log
darnautov Mar 16, 2026
bf1fe8f
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 16, 2026
f9cb07c
[Alerting v2] Add enable, disable, snooze and bulk action routes for …
kdelemme Mar 16, 2026
c95bca1
[Alerting V2] mark np api keys for invalidation (#257377)
adcoelho Mar 17, 2026
1ed4620
fix discover
darnautov Mar 17, 2026
00e7740
set enabled prop for notification policy tests
darnautov Mar 17, 2026
590ada0
Add dynamic workflow selection to notification policy form (#258010)
kdelemme Mar 17, 2026
251126e
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 17, 2026
f096dd5
fix test
kdelemme Mar 17, 2026
8f3f733
Changes from node scripts/eslint_all_files --no-cache --fix
kibanamachine Mar 17, 2026
3deae28
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 17, 2026
8c037de
Changes from node scripts/lint_ts_projects --fix
kibanamachine Mar 17, 2026
384c18c
[Alerting v2] Add search, filtering, sorting, and state management to…
kdelemme Mar 17, 2026
84b4f55
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 17, 2026
e44339f
[Alerting v2] add description to rule list (#257202)
dominiqueclarke Mar 17, 2026
c8176d1
[Alerting v2] Rule Details Page (#256692)
yiannisnikolopoulos Mar 18, 2026
8bf4e55
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 18, 2026
04ac41c
[Alerting V2] Schedule task for notification policies API key invalid…
adcoelho Mar 18, 2026
13a7f35
Changes from node scripts/lint_ts_projects --fix
kibanamachine Mar 18, 2026
c0fd603
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 18, 2026
76b8a03
[Alerting v2] [Rule authoring] Add max value validation to recovering…
yiannisnikolopoulos Mar 19, 2026
ca5c75c
Change v2 package owners to rna team (#258551)
jasonrhodes Mar 19, 2026
6817e2f
Changes from node scripts/generate codeowners
kibanamachine Mar 19, 2026
fa3dd0b
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 19, 2026
aad9636
[Alerting V2] bulk get alert actions (#258353)
adcoelho Mar 19, 2026
924a9e6
Fix types.
adcoelho Mar 19, 2026
2bbff6e
[Alerting v2] rule list bulk enable disable delete select all (#258341)
dominiqueclarke Mar 20, 2026
523d712
[Alerting v2] rule form - preview chart (#257324)
dominiqueclarke Mar 20, 2026
180fe6e
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 20, 2026
06c700d
[Alerting v2] align notification policy casing to camelCase (#258237)
kdelemme Mar 20, 2026
40b3b6b
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 20, 2026
1f56de4
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 20, 2026
10ce1ab
Alertingv2 add runbook (#256492)
ana-davydova Mar 20, 2026
294d9e5
[Alerting v2] Add bulk actions for notification policies (#258862)
kdelemme Mar 20, 2026
22b2860
[Alerting v2] Fix: scope latest alert state query to director-process…
darnautov Mar 20, 2026
c0b099c
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 20, 2026
f15cffa
[Alerting V2] Add basic search to the rule list (#258906)
ana-davydova Mar 23, 2026
4d035ff
Fix page reset (#258927)
kdelemme Mar 23, 2026
384ab3d
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 23, 2026
26cd9d9
feat(alertingv2): update list notification policies table (#259114)
kdelemme Mar 23, 2026
7830d9b
[ResponseOps][RnA] Minimal alerting episodes o11y page (#257638)
umbopepato Mar 23, 2026
06b0d23
[Alerting V2] Remove 'untag' alert action (#258643)
adcoelho Mar 23, 2026
7073d1e
Changes from node scripts/generate codeowners
kibanamachine Mar 23, 2026
fac1510
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 23, 2026
d58816c
[Alerting v2] Replace custom matcher input with KQL QueryStringInput …
kdelemme Mar 23, 2026
ce70702
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 23, 2026
b503e23
feat(alertingv2): make dispatcher space-aware (#259182)
kdelemme Mar 23, 2026
77a3ab0
[Alerting V2] Restrict width on create/edit rule page (#259015)
joana-cps Mar 24, 2026
b23d99e
fix: resolve SO type validation failures for initial model versions
darnautov Mar 24, 2026
64b18f5
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 24, 2026
f98374e
Changes from node scripts/check_mappings_update --fix
kibanamachine Mar 24, 2026
4b5653f
[Alerting V2] Rename indices and ESQL views (#258651)
adcoelho Mar 24, 2026
bca2e27
revert: restore notification policy mappings to original state
darnautov Mar 24, 2026
ddf8397
commit node scripts/check_mappings_update --fix
darnautov Mar 24, 2026
3bf6e1e
Set schema limits for rule artifacts, bulk get IDs, and notification …
darnautov Mar 24, 2026
72109b8
Minimize dispatcher integration test server setup (#259416)
kdelemme Mar 24, 2026
c5b8c46
[Alerting v2] adjust rule flyout export (#258200)
dominiqueclarke Mar 24, 2026
144fdae
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 24, 2026
a7fd5eb
[Alerting v2] Extract data fields from alert events in dispatcher pip…
kdelemme Mar 24, 2026
40d4350
[Alerting v2] Add update API key for notification policies (#259390)
kdelemme Mar 24, 2026
17f5c8e
Merge branch 'alerting_v2' into alertingv2/dispatcher-data-fields
kdelemme Mar 24, 2026
9ea250f
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 25, 2026
e9a8b0d
Add OAS descriptions to rule routes (#259367)
darnautov Mar 25, 2026
c313b9f
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 25, 2026
c1b2b5d
Use executeQueryRows
kdelemme Mar 25, 2026
6dd72e1
move function down
kdelemme Mar 25, 2026
46e93f4
Use executeQueryRows in supression step
kdelemme Mar 25, 2026
51fdbf4
Use Map.groupBy
kdelemme Mar 25, 2026
091e833
Handle policy grouping
kdelemme Mar 25, 2026
e92f4ad
Run dispatch step in parallel and handle errors gracefully
kdelemme Mar 25, 2026
f6f44bc
Improve integration tests
kdelemme Mar 25, 2026
dab49ad
Changes from node scripts/eslint_all_files --no-cache --fix
kibanamachine Mar 25, 2026
ec1d853
Fix datemath parsing for non-date string values in evaluateKql
kdelemme Mar 25, 2026
125c6f7
Resolve merge conflict in task_runner.ts
darnautov Mar 25, 2026
016edbf
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 25, 2026
4075e0b
kbn boostrap changes
darnautov Mar 25, 2026
544704f
Changes from node scripts/lint.js --fix
kibanamachine Mar 26, 2026
b937b8b
Remove array membership logic from `evaluateKql`.
darnautov Mar 26, 2026
99c37de
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 26, 2026
7c92fc4
[Alerting v2] [Rule authoring] Enforce max values and validation to r…
yiannisnikolopoulos Mar 26, 2026
f02408b
update yarn.lock, increase timeout for check_saved_objects pipeline
darnautov Mar 26, 2026
80ef2d9
Refactor Discover v2 rules menu: merge alerts into legacy-rules subme…
jasonrhodes Mar 26, 2026
677065f
[Alerting v2] Lower MIN_SCHEDULE_INTERVAL from 1m to 5s (#259836)
jasonrhodes Mar 26, 2026
0466bd7
Changes from node scripts/lint.js --fix
kibanamachine Mar 26, 2026
c2c583b
Merge remote-tracking branch 'upstream/main' into alerting_v2
darnautov Mar 26, 2026
49f1ce6
update SO mappings
darnautov Mar 27, 2026
1bcca5d
Revert notification policy SO mapping changes, keep rule mapping fixes
darnautov Mar 27, 2026
e68f1f0
Merge branch 'alerting_v2' into alertingv2/dispatcher-data-fields
kdelemme Mar 27, 2026
1ec1261
Merge branch 'main' into slo/256500-templates-flyout
kdelemme Mar 30, 2026
595d9c9
Separate throttling from grouping in the dispatcher pipeline
kdelemme Mar 30, 2026
7280665
Remove ruleId from notification group identity
kdelemme Mar 30, 2026
976d738
Fix deprecations in notification policy Zod schemas
kdelemme Mar 30, 2026
0c3bb3b
Fix ES|QL column resolution errors in dispatcher queries
kdelemme Mar 30, 2026
55bf9bc
Add matcher autosuggestion APIs and data field suggestions
kdelemme Mar 30, 2026
b6d9775
Add useFetchDataFields mock to notification policy form tests
kdelemme Mar 30, 2026
e071fc1
Add integration test coverage for groupingMode and throttle strategy
kdelemme Mar 30, 2026
4ad0dd7
Replace grouping and frequency sections with unified Dispatch section
kdelemme Mar 30, 2026
2e18955
Add standalone DurationInput component for throttle interval
kdelemme Mar 30, 2026
865f0e9
Move into folder
kdelemme Mar 30, 2026
e6af45c
Add helper text
kdelemme Mar 30, 2026
5ebbc6c
Fix tests
kdelemme Mar 30, 2026
d4dc041
Fix grouping with data. prefix
kdelemme Mar 30, 2026
56f09a2
Default throttle interval to 5m when repeat interval input is shown
kdelemme Mar 30, 2026
8934746
Fix status-based throttling by including episode_status in last-notif…
kdelemme Mar 30, 2026
c229578
Fix unescaped query in rule SO field suggestions search
kdelemme Mar 30, 2026
3371cd4
Skip mode/strategy validation on update when groupingMode is absent
kdelemme Mar 30, 2026
db5cf8a
Isolate per-destination errors in dispatch step
kdelemme Mar 30, 2026
9ffaefb
Preserve groupBy fields when toggling away from per_field mode and back
kdelemme Mar 30, 2026
6eba71e
Remove .claude/plan files from tracked files
kdelemme Mar 31, 2026
6c76e97
Move type
kdelemme Mar 31, 2026
3954a85
Simplify applyThrottling with early-return predicate and cover all st…
kdelemme Mar 31, 2026
d60dfd7
Add comprehensive schema tests for create and update notification pol…
kdelemme Mar 31, 2026
d4a33ce
Filter data field suggestions to active episode statuses only
kdelemme Mar 31, 2026
0c06ab2
fix ts
kdelemme Mar 31, 2026
8290f53
Changes from node scripts/regenerate_moon_projects.js --update
kibanamachine Mar 31, 2026
400e4d1
Fix so mapping
kdelemme Mar 31, 2026
752bbef
Merge branch 'main' into alertingv2/dispatcher-data-fields
kdelemme Mar 31, 2026
fe3f97d
Fix so mpaiing
kdelemme Mar 31, 2026
b604251
Fix dispatcher integration tests and add throttle strategy coverage
kdelemme Mar 31, 2026
068a140
Merge branch 'main' into alertingv2/dispatcher-data-fields
kdelemme Mar 31, 2026
fc56d8e
fix merge conflict resolutions
kdelemme Mar 31, 2026
6736987
Add missing datemath test coverage for evaluateKql
kdelemme Apr 1, 2026
fe369e6
Changes from node scripts/eslint_all_files --no-cache --fix
kibanamachine Apr 1, 2026
3578029
Add dispatcher enabled advanced setting for alerting v2
kdelemme Apr 1, 2026
e20a7ba
Merge branch 'main' into alertingv2/dispatcher-data-fields
kdelemme Apr 1, 2026
aa10b40
Use global scope
kdelemme Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions packages/kbn-check-saved-objects-cli/current_fields.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,8 +109,11 @@
"destinations.type",
"enabled",
"groupBy",
"groupingMode",
"name",
"snoozedUntil",
"throttle",
"throttle.strategy",
"updatedAt",
"updatedBy",
"updatedByUsername"
Expand Down
11 changes: 11 additions & 0 deletions packages/kbn-check-saved-objects-cli/current_mappings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -367,6 +367,17 @@
"groupBy": {
"type": "keyword"
},
"groupingMode": {
"type": "keyword"
},
"throttle": {
"type": "object",
"properties": {
"strategy": {
"type": "keyword"
}
}
},
"name": {
"fields": {
"keyword": {
Expand Down
67 changes: 67 additions & 0 deletions src/platform/packages/shared/kbn-eval-kql/src/eval_kql.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,22 @@ describe('evaluateKql', () => {
expect(evaluateKql(kql, { user: { info: { name: 'Jane Doe' } } })).toBe(false);
});

it('should correctly evaluate a quoted value with dots in nested field path', () => {
const kql = 'data.host.name: "admin-console.prod.001"';
expect(
evaluateKql(kql, {
episode_status: 'recovering',
data: { count: 2, host: { name: 'admin-console.prod.001' } },
})
).toBe(true);
expect(
evaluateKql(kql, {
episode_status: 'recovering',
data: { count: 2, host: { name: 'other-host' } },
})
).toBe(false);
});

it('should correctly evaluate a simple "is" KQL expression with boolean', () => {
const kql = 'isActive: true';
expect(evaluateKql(kql, { isActive: true })).toBe(true);
Expand Down Expand Up @@ -257,6 +273,29 @@ describe('evaluateKql', () => {
expect(evaluateKql(kql, { timestamp: resolved })).toBe(true);
expect(evaluateKql(kql, { timestamp: '2025-01-01T00:00:00.000Z' })).toBe(false);
});

it('should match "now+1h" against the resolved date', () => {
const kql = 'timestamp: now+1h';
const resolved = dateMath.parse('now+1h')!.toISOString();
expect(evaluateKql(kql, { timestamp: resolved })).toBe(true);
expect(evaluateKql(kql, { timestamp: '2020-01-01T00:00:00.000Z' })).toBe(false);
});

it('should match "now/d" with rounding', () => {
const kql = 'timestamp: now/d';
const resolved = dateMath.parse('now/d')!.toISOString();
expect(evaluateKql(kql, { timestamp: resolved })).toBe(true);
expect(evaluateKql(kql, { timestamp: '2020-01-01T00:00:00.000Z' })).toBe(false);
});

it('should match datemath against any element in an array field', () => {
const kql = 'timestamps: now-1d';
const resolved = dateMath.parse('now-1d')!.toISOString();
expect(evaluateKql(kql, { timestamps: ['2020-01-01T00:00:00.000Z', resolved] })).toBe(true);
expect(
evaluateKql(kql, { timestamps: ['2020-01-01T00:00:00.000Z', '2021-06-01T00:00:00.000Z'] })
).toBe(false);
});
});

describe('range expressions with datemath', () => {
Expand Down Expand Up @@ -293,6 +332,34 @@ describe('evaluateKql', () => {
true
);
});

it('should evaluate > with datemath on the right side', () => {
const kql = 'timestamp > now-7d';
// now-7d is 2025-01-08T12:00:00Z
expect(evaluateKql(kql, { timestamp: '2025-01-09T00:00:00.000Z' })).toBe(true);
expect(evaluateKql(kql, { timestamp: dateMath.parse('now-7d')!.toISOString() })).toBe(
false
);
});

it('should evaluate <= with datemath on the right side', () => {
const kql = 'timestamp <= now';
const nowIso = dateMath.parse('now')!.toISOString();
expect(evaluateKql(kql, { timestamp: nowIso })).toBe(true);
expect(evaluateKql(kql, { timestamp: '2025-01-14T00:00:00.000Z' })).toBe(true);
expect(evaluateKql(kql, { timestamp: '2025-01-16T00:00:00.000Z' })).toBe(false);
});

it('should match range with datemath against any element in an array field', () => {
const kql = 'timestamps >= now-7d';
// now-7d is 2025-01-08T12:00:00Z
expect(
evaluateKql(kql, { timestamps: ['2025-01-01T00:00:00.000Z', '2025-01-10T00:00:00.000Z'] })
).toBe(true);
expect(
evaluateKql(kql, { timestamps: ['2025-01-01T00:00:00.000Z', '2025-01-02T00:00:00.000Z'] })
).toBe(false);
});
});

describe('fallback for non-datemath strings', () => {
Expand Down
13 changes: 9 additions & 4 deletions src/platform/packages/shared/kbn-eval-kql/src/eval_kql.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,17 +174,22 @@ function readContextPath(
return { pathExists: true, value: result };
}

function isDateMathExpression(value: string): boolean {
return value.startsWith('now') || value.includes('||');
}

function convertLiteralToValue(
node: KqlLiteralNode,
expectedType: 'string' | 'number' | 'boolean'
): any {
switch (expectedType) {
case 'string': {
const strValue = String(node.value);
const parsed = dateMath.parse(strValue);
if (parsed?.isValid()) {
// it's a date math expression, return the resolved ISO string
return parsed.toISOString();
if (isDateMathExpression(strValue)) {
const parsed = dateMath.parse(strValue);
if (parsed?.isValid()) {
return parsed.toISOString();
}
}

return strValue;
Expand Down
2 changes: 1 addition & 1 deletion src/platform/plugins/shared/kql/public/autocomplete/providers/value_suggestion_provider.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ interface ValueSuggestionsGetFnArgs {
boolFilter?: any[];
signal?: AbortSignal;
method?: ValueSuggestionsMethod;
querySuggestionKey?: 'rules' | 'cases' | 'alerts' | 'endpoints';
querySuggestionKey?: 'rules' | 'cases' | 'alerts' | 'endpoints' | 'notification_policies';
}

const getAutocompleteTimefilter = ({ timefilter }: TimefilterSetup, indexPattern: DataView) => {
Expand Down
7 changes: 6 additions & 1 deletion src/platform/plugins/shared/kql/public/components/query_string_input/query_string_input.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,11 @@ export interface QueryStringInputProps {
* Add additional filters used for suggestions
*/
filtersForSuggestions?: Filter[];

/**
* Debounce delay in ms for fetching suggestions. Defaults to 100.
*/
suggestionsDebounceMs?: number;
}

interface State {
Expand Down Expand Up @@ -333,7 +338,7 @@ export class QueryStringInput extends PureComponent<QueryStringInputProps, State
if (!this.componentIsUnmounting) {
this.setState({ suggestions });
}
}, 100);
}, this.props.suggestionsDebounceMs ?? 100);

private onSubmit = (query: Query) => {
if (this.props.onSubmit) {
Expand Down
2 changes: 1 addition & 1 deletion src/platform/plugins/shared/kql/public/components/typeahead/suggestions_component.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ interface SuggestionsComponentProps {
}

export interface SuggestionsAbstraction {
type: 'alerts' | 'rules' | 'cases' | 'endpoints';
type: 'alerts' | 'rules' | 'cases' | 'endpoints' | 'notification_policies';
fields: Record<
string,
{
Expand Down
3 changes: 3 additions & 0 deletions x-pack/platform/packages/shared/response-ops/alerting-v2-constants/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,6 @@ export const ALERTING_V2_RULE_API_PATH = '/api/alerting/v2/rules' as const;
export const ALERTING_V2_ALERT_API_PATH = '/api/alerting/v2/alerts' as const;
export const ALERTING_V2_NOTIFICATION_POLICY_API_PATH =
'/api/alerting/v2/notification_policies' as const;
// KQL private API path for data fields suggestions
export const INTERNAL_ALERTING_V2_SUGGESTIONS_API_PATH =
'/internal/notification_policies/suggestions/values' as const;
4 changes: 3 additions & 1 deletion x-pack/platform/packages/shared/response-ops/alerting-v2-schemas/src/matcher_context.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,12 @@ export interface MatcherContext {
episode_id: string;
episode_status: 'inactive' | 'pending' | 'active' | 'recovering';
rule: MatcherContextRule;
data?: Record<string, unknown>;
}

export interface MatcherContextFieldDescriptor {
path: string;
type: 'string' | 'boolean' | 'string[]';
type: 'string' | 'boolean' | 'string[]' | 'object';
}

export const MATCHER_CONTEXT_FIELDS: MatcherContextFieldDescriptor[] = [
Expand All @@ -40,4 +41,5 @@ export const MATCHER_CONTEXT_FIELDS: MatcherContextFieldDescriptor[] = [
{ path: 'rule.enabled', type: 'boolean' },
{ path: 'rule.createdAt', type: 'string' },
{ path: 'rule.updatedAt', type: 'string' },
{ path: 'data', type: 'object' },
];
Loading
Loading