Skip to content

Add alert rule kibana asset to package spec #918

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jsoriano merged 15 commits into from
Aug 28, 2025
Merged

Add alert rule kibana asset to package spec #918

jsoriano merged 15 commits into from
Aug 28, 2025

Conversation

@MichelLosier
Copy link
Contributor

@MichelLosier MichelLosier commented Jul 1, 2025
edited
Loading

What does this PR do?

Adds support for alert_rule_template Kibana assets

Why is it important?

We want to support being able to include prebuilt alert rules in packages, this will help set users up operationally for their agents.

Checklist

Related issues

@MichelLosier MichelLosier mentioned this pull request Jul 1, 2025
Merged
10 tasks
@MichelLosier MichelLosier force-pushed the support-alert-kbn-assets branch from aeea206 to b3b33d7 Compare July 18, 2025 21:04
@MichelLosier
Copy link
Contributor Author

MichelLosier commented Jul 18, 2025

test integrations

@MichelLosier MichelLosier marked this pull request as ready for review July 18, 2025 21:34
@MichelLosier MichelLosier requested a review from a team as a code owner July 18, 2025 21:34
@MichelLosier
Copy link
Contributor Author

MichelLosier commented Jul 22, 2025

test integrations

@elastic-vault-github-plugin-prod elastic-vault-github-plugin-prod bot mentioned this pull request Jul 22, 2025
Closed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Jul 22, 2025

Created or updated PR in integrations repository to test this version. Check elastic/integrations#14648

jsoriano
jsoriano reviewed Jul 23, 2025
View reviewed changes
Copy link
Member

@jsoriano jsoriano left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does kibana need changes to support these new assets?

spec/changelog.yml
link: https://github.com/elastic/package-spec/pull/807
- description: Add support for `alert` rule assets.
type: enhancement
link: https://github.com/elastic/package-spec/pull/918
Copy link
Member

@jsoriano jsoriano Jul 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does Fleet need changes to support these new assets? If it does, we will also need to add a patch in the versions sections of the spec. If it doesn't, we might include this change in 3.4.2-next.

Copy link
Contributor Author

@MichelLosier MichelLosier Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, thanks for taking a look. Supporting this does require changes on the kibana end (original PR). We're pivoting on the direction for this and putting the work behind a feature flag. So I'm going to put this back into draft for now, and we'll ready this back up once the new kibana work is in place.

Copy link
Member

@jsoriano jsoriano Jul 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it requires changes in Kibana, even if they are not finished, I think it would be fine with continuing with this PR as is. Unless you expect big changes.

@MichelLosier MichelLosier marked this pull request as draft July 28, 2025 15:32
This was referenced Jul 28, 2025
Closed
Closed
jsoriano
jsoriano reviewed Jul 29, 2025
View reviewed changes
spec/changelog.yml
link: https://github.com/elastic/package-spec/pull/807
- description: Add support for `alert` rule assets.
type: enhancement
link: https://github.com/elastic/package-spec/pull/918
Copy link
Member

@jsoriano jsoriano Jul 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it requires changes in Kibana, even if they are not finished, I think it would be fine with continuing with this PR as is. Unless you expect big changes.

@MichelLosier
Copy link
Contributor Author

MichelLosier commented Jul 29, 2025

If it requires changes in Kibana, even if they are not finished, I think it would be fine with continuing with this PR as is. Unless you expect big changes.

Yeah our approach is going to look at persisting more so a "rule template" saved object rather than directly an alert rule. This will change the SO type at least and some of the naming used here. SO shape in some of the fixtures maybe largely the same in the end, but also could result in some changes. I created a follow up ticket to come back to this: elastic/kibana#229687

MichelLosier added a commit to elastic/kibana that referenced this pull request Aug 1, 2025
@MichelLosier
Setup support for installing alert rules as kibana assets in packages (
2d8775e 
…#226085)

## Summary

Resolves in part: #221633
Related to: elastic/package-spec#918

* Adds fleet support for installing alert rule assets from packages behind a feature flag
* Alert rule assets should be 
  * updated on subsequent installs
  * removed when the package is uninstalled
* Note tag management for alert rules are done directly on the alert SO.
* This is likely to be followed up to switching to an alert rule template saved object instead
szaffarano pushed a commit to szaffarano/kibana that referenced this pull request Aug 5, 2025
@MichelLosier @szaffarano
Setup support for installing alert rules as kibana assets in packages (
f8c20d1 
…elastic#226085)

## Summary

Resolves in part: elastic#221633
Related to: elastic/package-spec#918

* Adds fleet support for installing alert rule assets from packages behind a feature flag
* Alert rule assets should be 
  * updated on subsequent installs
  * removed when the package is uninstalled
* Note tag management for alert rules are done directly on the alert SO.
* This is likely to be followed up to switching to an alert rule template saved object instead
delanni pushed a commit to delanni/kibana that referenced this pull request Aug 5, 2025
@MichelLosier @delanni
Setup support for installing alert rules as kibana assets in packages (
82d44fb 
…elastic#226085)

## Summary

Resolves in part: elastic#221633
Related to: elastic/package-spec#918

* Adds fleet support for installing alert rule assets from packages behind a feature flag
* Alert rule assets should be 
  * updated on subsequent installs
  * removed when the package is uninstalled
* Note tag management for alert rules are done directly on the alert SO.
* This is likely to be followed up to switching to an alert rule template saved object instead
NicholasPeretti pushed a commit to NicholasPeretti/kibana that referenced this pull request Aug 18, 2025
@MichelLosier @NicholasPeretti
Setup support for installing alert rules as kibana assets in packages (
90e835e 
…elastic#226085)

## Summary

Resolves in part: elastic#221633
Related to: elastic/package-spec#918

* Adds fleet support for installing alert rule assets from packages behind a feature flag
* Alert rule assets should be 
  * updated on subsequent installs
  * removed when the package is uninstalled
* Note tag management for alert rules are done directly on the alert SO.
* This is likely to be followed up to switching to an alert rule template saved object instead
@MichelLosier MichelLosier marked this pull request as ready for review August 19, 2025 18:20
@MichelLosier MichelLosier marked this pull request as draft August 21, 2025 15:42
@MichelLosier
Copy link
Contributor Author

MichelLosier commented Aug 21, 2025

Temp putting in draft while getting feedback from the alerting team

@MichelLosier MichelLosier marked this pull request as ready for review August 26, 2025 13:13
@elasticmachine
Copy link

elasticmachine commented Aug 26, 2025

💚 Build Succeeded

History

@jsoriano jsoriano merged commit dd8aa0e into elastic:main Aug 28, 2025
3 checks passed
@muthu-mps
Copy link

muthu-mps commented Sep 10, 2025

test integrations

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsoriano jsoriano jsoriano approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Fleet] Support alert rule templates as a kibana asset type in package-spec

4 participants

@MichelLosier @elasticmachine @muthu-mps @jsoriano