Resolves https://github.com/elastic/kibana/issues/89481
## Summary
Adds group by options to the ES query rule type, for both DSL and KQL
queries. These are the same limited group by options that the index
threshold rule type offers, so I used the same UI components and rule
parameter names. I moved some aggregation building code to `common` so
it could be reused. All existing ES query rules are migrated to
`count over all` rules.
## To Verify
* Create the following types of rules and verify they work as expected,
for both DSL and KQL queries:
* `count over all` rule - this should run the same as before: it counts
the number of documents that match the query and applies the threshold
condition to that count. `{{context.hits}}` is all the documents that
match the query if the threshold condition is met.
* `<metric> over all` rule - this calculates the specific aggregation
metric and applies the threshold condition to the aggregated metric (for
example, `avg event.duration`). `{{context.hits}}` is all the documents
that match the query if the threshold condition is met.
* `count over top N terms` - this applies a terms aggregation to the
query and applies the threshold condition to each term bucket (for
example, `count over top 10 event.action` applies the threshold
condition to the count of documents within each `event.action` bucket).
`{{context.hits}}` is the result of the top hits aggregation within each
term bucket if the threshold condition is met for that bucket.
* `<metric> over top N terms` - this applies a terms aggregation and a
metric sub-aggregation to the query and applies the threshold condition
to the metric value within each term bucket (for example, `avg
event.duration over top 10 event.action` will apply the threshold
condition to the average value of `event.duration` within each
`event.action` bucket). `{{context.hits}}` is the result of the top hits
aggregation within each term bucket if the threshold condition is met
for that bucket.
* Verify the migration by creating a DSL query rule and a KQL query rule
in an older version of Kibana and then upgrading to this PR. The rules
should continue running successfully.
### Checklist
- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
* Adding words
* PR feedback
* Update docs/user/alerting/troubleshooting/alerting-common-issues.asciidoc
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Alerting][Docs] Support enablement documentation.
* additional docs
* fixed links
* Apply suggestions from code review
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
* fixed common issues
* Apply suggestions from code review
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
* fixed due to comments
* fixed TM health api page
* fixed TM health api page 2
* Apply suggestions from code review
Co-authored-by: ymao1 <ying.mao@elastic.co>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
Co-authored-by: ymao1 <ying.mao@elastic.co>
* fixed due to the comments
* fixed due to the comments
* fixed experimental flag
* fixed due to the comments
* Apply suggestions from code review
Co-authored-by: ymao1 <ying.mao@elastic.co>
* Update docs/user/alerting/alerting-troubleshooting.asciidoc
Co-authored-by: ymao1 <ying.mao@elastic.co>
* fixed due to the comments
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: ymao1 <ying.mao@elastic.co>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
* Fix UX when alert is disabled and in an error state
* Reset executionStatus to pending after enabling an alert
* Renames alert instance status OK to Recovered
* Fix end to end test
* Update doc screenshot
* Fix confusing test name
* Remove flakiness in integration test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Adding action variable docs for index threshold and ES query alerts
* Adding section for common action variables
* Adding link to server publicBaseUrl
* PR fixes
* Adding es query alert type to server with commented out executor
* Adding skeleton es query alert to client with JSON editor. Pulled out index popoover into component for reuse between index threshold and es query alert types
* Implementing alert executor that performs query and matches condition against doc count
* Added tests for server side alert type
* Updated alert executor to de-duplicate matches and create instance for every document if threshold is not defined
* Moving more index popover code out of index threshold and es query expression components
* Ability to remove threshold condition from es query alert
* Validation tests
* Adding ability to test out query. Need to add error handling and it looks ugly
* Fixing bug with creating alert with threshold and i18n
* wip
* Fixing tests
* Simplifying executor logic to only handle threshold and store hits in action context
* Adding functional test for es query alert
* Types
* Adding functional test for query testing
* Fixing unit test
* Adding link to ES docs. Cleaning up logger statements
* Adding docs
* Updating docs based on feedback
* PR fixes
* Using ES client typings
* Fixing unit test
* Fixing copy based on comments
* Fixing copy based on comments
* Fixing bug in index select popover
* Fixing unit tests
* Making track_total_hits configurable
* Fixing functional test
* PR fixes
* Added unit test
* Removing unused import
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Extended alerting documentation with information about using Kibana keystore and action types for preconfigured connectors
* Fixed due to comments and merged two preconfig pages
* Fixed due to review comments
* Update docs/user/alerting/action-types/index.asciidoc
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
* Fixed due to comments
* -
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>