[RAC] Store rule params in the alert document (#113429)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2021-10-05 18:21:30 +02:00 · 2021-10-05 18:21:30 +02:00 · 685f58579d
commit 685f58579d
parent dd2065fd52
3 changed files with 6 additions and 1 deletions
--- a/packages/kbn-rule-data-utils/src/technical_field_names.ts
+++ b/packages/kbn-rule-data-utils/src/technical_field_names.ts
@ -52,6 +52,7 @@ const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
 const ALERT_RULE_CATEGORY = `${ALERT_RULE_NAMESPACE}.category` as const;
 const ALERT_RULE_NAME = `${ALERT_RULE_NAMESPACE}.name` as const;
 const ALERT_RULE_NOTE = `${ALERT_RULE_NAMESPACE}.note` as const;
+const ALERT_RULE_PARAMS = `${ALERT_RULE_NAMESPACE}.params` as const;
 const ALERT_RULE_REFERENCES = `${ALERT_RULE_NAMESPACE}.references` as const;
 const ALERT_RULE_RISK_SCORE = `${ALERT_RULE_NAMESPACE}.risk_score` as const;
 const ALERT_RULE_RISK_SCORE_MAPPING = `${ALERT_RULE_NAMESPACE}.risk_score_mapping` as const;
@ -109,6 +110,7 @@ const fields = {
  ALERT_RULE_LICENSE,
  ALERT_RULE_NAME,
  ALERT_RULE_NOTE,
+  ALERT_RULE_PARAMS,
  ALERT_RULE_REFERENCES,
  ALERT_RULE_RISK_SCORE,
  ALERT_RULE_RISK_SCORE_MAPPING,
@ -164,6 +166,7 @@ export {
  ALERT_RULE_LICENSE,
  ALERT_RULE_NAME,
  ALERT_RULE_NOTE,
+  ALERT_RULE_PARAMS,
  ALERT_RULE_REFERENCES,
  ALERT_RULE_RISK_SCORE,
  ALERT_RULE_RISK_SCORE_MAPPING,
--- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts
@ -7,7 +7,7 @@

 import { first, get, last } from 'lodash';
 import { i18n } from '@kbn/i18n';
-import { ALERT_REASON } from '@kbn/rule-data-utils';
+import { ALERT_REASON, ALERT_RULE_PARAMS } from '@kbn/rule-data-utils';
 import moment from 'moment';
 import { getCustomMetricLabel } from '../../../../common/formatters/get_custom_metric_label';
 import { toMetricOpt } from '../../../../common/snapshot_metric_i18n';
@ -79,6 +79,7 @@ export const createInventoryMetricThresholdExecutor = (libs: InfraBackendLibs) =
        id,
        fields: {
          [ALERT_REASON]: reason,
+          [ALERT_RULE_PARAMS]: JSON.stringify(params),
        },
      });

--- a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
+++ b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
@ -16,6 +16,7 @@ export const technicalRuleFieldMap = {
    Fields.EVENT_ACTION,
    Fields.TAGS
  ),
+  [Fields.ALERT_RULE_PARAMS]: { type: 'keyword', index: false },
  [Fields.ALERT_RULE_TYPE_ID]: { type: 'keyword', required: true },
  [Fields.ALERT_RULE_CONSUMER]: { type: 'keyword', required: true },
  [Fields.ALERT_RULE_PRODUCER]: { type: 'keyword', required: true },