[OAS] Adds alerts data to get rule types API (#170702)

This commit is contained in:
Lisa Cawley 2024-01-23 10:03:30 -08:00 committed by GitHub
parent 9e2caede19
commit d3c51c45eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 330 additions and 4 deletions


@ -63,7 +63,8 @@ context and state in action parameter templates, and a short human readable
description. When you create a rule in {kib}, it uses this information to prompt
you for these variables in action parameter editors.
// `alerts`:: TBD
`alerts`::
(object) Details about alerts as data documents for this rule type, including any custom mappings.
`authorized_consumers`::
(object) The list of the plugins IDs that have access to the rule type.
@ -82,7 +83,8 @@ action.
(boolean) Indicates whether the rule type is enabled or disabled based on the
subscription.
// `has_alerts_mappings`:: TBD
`has_alerts_mappings`::
(boolean) Indicates whether the rule type has custom mappings for the alert data.
// `has_fields_for_a_a_d`:: TBD


@ -895,7 +895,68 @@
}
},
"alerts": {
"type": "object"
"type": "object",
"description": "Details for writing alerts as data documents for this rule type.\n",
"properties": {
"context": {
"type": "string",
"description": "The namespace for this rule type.\n",
"enum": [
"ml.anomaly-detection",
"observability.apm",
"observability.logs",
"observability.metrics",
"observability.slo",
"observability.threshold",
"observability.uptime",
"security",
"stack"
]
},
"dynamic": {
"type": "string",
"description": "Indicates whether new fields are added dynamically.",
"enum": [
"false",
"runtime",
"strict",
"true"
]
},
"isSpaceAware": {
"type": "boolean",
"description": "Indicates whether the alerts are space-aware. If true, space-specific alert indices are used.\n"
},
"mappings": {
"type": "object",
"properties": {
"fieldMap": {
"type": "object",
"description": "Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation.\n",
"additionalProperties": {
"$ref": "#/components/schemas/fieldmap_properties"
}
}
}
},
"secondaryAlias": {
"type": "string",
"description": "A secondary alias. It is typically used to support the signals alias for detection rules.\n"
},
"shouldWrite": {
"type": "boolean",
"description": "Indicates whether the rule should write out alerts as data.\n"
},
"useEcs": {
"type": "boolean",
"description": "Indicates whether to include the ECS component template for the alerts.\n"
},
"useLegacyAlerts": {
"type": "boolean",
"default": false,
"description": "Indicates whether to include the legacy component template for the alerts.\n"
}
}
},
"authorized_consumers": {
"description": "The list of the plugins IDs that have access to the rule type.",
@ -1046,7 +1107,8 @@
"type": "boolean"
},
"has_alerts_mappings": {
"type": "boolean"
"type": "boolean",
"description": "Indicates whether the rule type has custom mappings for the alert data."
},
"has_fields_for_a_a_d": {
"type": "boolean"
@ -6777,6 +6839,62 @@
}
}
},
"fieldmap_properties": {
"title": "Field map objects in the get rule types response",
"type": "object",
"properties": {
"array": {
"type": "boolean",
"description": "Indicates whether the field is an array."
},
"dynamic": {
"type": "boolean",
"description": "Indicates whether it is a dynamic field mapping."
},
"format": {
"type": "string",
"description": "Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.\n"
},
"ignore_above": {
"type": "integer",
"description": "Specifies the maximum length of a string field. Longer strings are not indexed or stored."
},
"index": {
"type": "boolean",
"description": "Indicates whether field values are indexed."
},
"path": {
"type": "string",
"description": "TBD"
},
"properties": {
"type": "object",
"description": "Details about the object properties. This property is applicable when `type` is `object`.\n",
"additionalProperties": {
"type": "object",
"properties": {
"type": {
"type": "string",
"description": "The data type for each object property."
}
}
}
},
"required": {
"type": "boolean",
"description": "Indicates whether the field is required."
},
"scaling_factor": {
"type": "integer",
"description": "The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. \n"
},
"type": {
"type": "string",
"description": "Specifies the data type for the field.",
"example": "scaled_float"
}
}
},
"400_response": {
"title": "Bad request",
"type": "object",


@ -569,6 +569,61 @@ paths:
type: string
alerts:
type: object
description: |
Details for writing alerts as data documents for this rule type.
properties:
context:
type: string
description: |
The namespace for this rule type.
enum:
- ml.anomaly-detection
- observability.apm
- observability.logs
- observability.metrics
- observability.slo
- observability.threshold
- observability.uptime
- security
- stack
dynamic:
type: string
description: Indicates whether new fields are added dynamically.
enum:
- 'false'
- runtime
- strict
- 'true'
isSpaceAware:
type: boolean
description: |
Indicates whether the alerts are space-aware. If true, space-specific alert indices are used.
mappings:
type: object
properties:
fieldMap:
type: object
description: |
Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation.
additionalProperties:
$ref: '#/components/schemas/fieldmap_properties'
secondaryAlias:
type: string
description: |
A secondary alias. It is typically used to support the signals alias for detection rules.
shouldWrite:
type: boolean
description: |
Indicates whether the rule should write out alerts as data.
useEcs:
type: boolean
description: |
Indicates whether to include the ECS component template for the alerts.
useLegacyAlerts:
type: boolean
default: false
description: |
Indicates whether to include the legacy component template for the alerts.
authorized_consumers:
description: The list of the plugins IDs that have access to the rule type.
type: object
@ -668,6 +723,7 @@ paths:
type: boolean
has_alerts_mappings:
type: boolean
description: Indicates whether the rule type has custom mappings for the alert data.
has_fields_for_a_a_d:
type: boolean
id:
@ -4647,6 +4703,50 @@ components:
$ref: '#/components/schemas/tags'
throttle:
$ref: '#/components/schemas/throttle'
fieldmap_properties:
title: Field map objects in the get rule types response
type: object
properties:
array:
type: boolean
description: Indicates whether the field is an array.
dynamic:
type: boolean
description: Indicates whether it is a dynamic field mapping.
format:
type: string
description: |
Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.
ignore_above:
type: integer
description: Specifies the maximum length of a string field. Longer strings are not indexed or stored.
index:
type: boolean
description: Indicates whether field values are indexed.
path:
type: string
description: TBD
properties:
type: object
description: |
Details about the object properties. This property is applicable when `type` is `object`.
additionalProperties:
type: object
properties:
type:
type: string
description: The data type for each object property.
required:
type: boolean
description: Indicates whether the field is required.
scaling_factor:
type: integer
description: |
The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value.
type:
type: string
description: Specifies the data type for the field.
example: scaled_float
400_response:
title: Bad request
type: object


@ -0,0 +1,47 @@
title: Field map objects in the get rule types response
type: object
properties:
array:
type: boolean
description: Indicates whether the field is an array.
dynamic:
type: boolean
description: Indicates whether it is a dynamic field mapping.
format:
type: string
description: >
Indicates the format of the field.
For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.
ignore_above:
type: integer
description: Specifies the maximum length of a string field. Longer strings are not indexed or stored.
index:
type: boolean
description: Indicates whether field values are indexed.
path:
type: string
description: TBD
properties:
type: object
description: >
Details about the object properties.
This property is applicable when `type` is `object`.
additionalProperties:
type: object
properties:
type:
type: string
description: The data type for each object property.
required:
type: boolean
description: Indicates whether the field is required.
scaling_factor:
type: integer
description: >
The scaling factor to use when encoding values.
This property is applicable when `type` is `scaled_float`.
Values will be multiplied by this factor at index time and rounded to the closest long value.
type:
type: string
description: Specifies the data type for the field.
example: scaled_float
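Review bot: The `path` property is added with `description: TBD`, so the placeholder will be published in the bundled spec and the generated API reference; give it a real description before merging or leave the property out until it is documented. The component also declares no `required` list, so a client generated from it cannot tell which keys every field-map entry carries; if `type` is always present (the `type`-conditional descriptions on `properties` and `scaling_factor` suggest it is), add `required: [type]` under the object. The same `TBD` is carried into the bundled JSON and YAML sections of this commit.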


@ -76,6 +76,64 @@ get:
type: string
alerts:
type: object
description: >
Details for writing alerts as data documents for this rule type.
properties:
context:
type: string
description: >
The namespace for this rule type.
enum:
- ml.anomaly-detection
- observability.apm
- observability.logs
- observability.metrics
- observability.slo
- observability.threshold
- observability.uptime
- security
- stack
dynamic:
type: string
description: Indicates whether new fields are added dynamically.
enum:
- "false"
- "runtime"
- "strict"
- "true"
isSpaceAware:
type: boolean
description: >
Indicates whether the alerts are space-aware.
If true, space-specific alert indices are used.
mappings:
type: object
properties:
fieldMap:
type: object
description: >
Mapping information for each field supported in alerts as data documents for this rule type.
For more information about mapping parameters, refer to the Elasticsearch documentation.
additionalProperties:
$ref: '../components/schemas/fieldmap_properties.yaml'
secondaryAlias:
type: string
description: >
A secondary alias.
It is typically used to support the signals alias for detection rules.
shouldWrite:
type: boolean
description: >
Indicates whether the rule should write out alerts as data.
useEcs:
type: boolean
description: >
Indicates whether to include the ECS component template for the alerts.
useLegacyAlerts:
type: boolean
default: false
description: >
Indicates whether to include the legacy component template for the alerts.
authorized_consumers:
description: The list of the plugins IDs that have access to the rule type.
type: object
@ -175,6 +233,7 @@ get:
type: boolean
has_alerts_mappings:
type: boolean
description: Indicates whether the rule type has custom mappings for the alert data.
has_fields_for_a_a_d:
type: boolean
id: