[RAC] Update alert documents in lifecycle rule type helper #101598
Pinging @elastic/apm-ui (Team:apm)
Works on my machine!
await ruleDataClient.getWriter().bulk({ | ||
body: eventsToIndex.flatMap((event) => [{ index: {} }, event]), | ||
body: eventsToIndex |
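Review bot: the result of `await ruleDataClient.getWriter().bulk({` on the first line is not captured. The Elasticsearch bulk API reports per-document failures inside an otherwise successful response (`errors: true` plus a per-item `error` object) instead of rejecting the call, so a failed alert-document write would pass silently here unless the writer inspects the response itself. Suggest assigning the response and logging or throwing on item errors, or adding a comment that `getWriter()` already does this.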
This is clever, but it would be cleverer with an explanation of what's going on and a unit test.
OKAY OKAY I GET IT.
Running this locally, I get this error in the transaction error rate rule type (it's being thrown from the ruleRegistry lifecycle rule type factory):
Full Error JSON:

```json
{
  "reason": "execute",
  "error": {
    "name": "ResponseError",
    "meta": {
      "body": {
        "error": {
          "root_cause": [
            {
              "type": "security_exception",
              "reason": "action [indices:admin/create] is unauthorized for user [kibana_system_user] with roles [kibana_system] on indices [.alerts-observability-apm-000001], this action is granted by the index privileges [create_index,manage,all]"
            }
          ],
          "type": "security_exception",
          "reason": "action [indices:admin/create] is unauthorized for user [kibana_system_user] with roles [kibana_system] on indices [.alerts-observability-apm-000001], this action is granted by the index privileges [create_index,manage,all]"
        },
        "status": 403
      },
      "statusCode": 403,
      "headers": {
        "content-length": "565",
        "content-type": "application/json;charset=utf-8",
        "x-cloud-request-id": "b7SkxMHtRCmqtrHj78PWfQ",
        "x-found-handling-cluster": "b5caf8c576704714a9bb2559bddab987",
        "x-found-handling-instance": "instance-0000000040",
        "date": "Wed, 09 Jun 2021 23:05:39 GMT"
      },
      "meta": {
        "context": null,
        "request": {
          "params": {
            "method": "PUT",
            "path": "/.alerts-observability-apm-000001",
            "body": "{\"aliases\":{\".alerts-observability-apm\":{\"is_write_index\":true}}}",
            "querystring": "",
            "headers": {
              "user-agent": "elasticsearch-js/8.0.0-canary.4 (darwin 18.7.0-x64; Node.js v14.17.0)",
              "x-elastic-product-origin": "kibana",
              "x-elastic-client-meta": "es=8.0.0p,js=14.17.0,t=8.0.0p,hc=14.17.0",
              "content-type": "application/json",
              "content-length": "65"
            },
            "timeout": 30000
          },
          "options": {},
          "id": 309
        },
        "name": "elasticsearch-js",
        "connection": {
          "url": "https://b5caf8c576704714a9bb2559bddab987.us-east-1.aws.staging.foundit.no:9243/",
          "id": "https://b5caf8c576704714a9bb2559bddab987.us-east-1.aws.staging.foundit.no:9243/",
          "headers": {},
          "deadCount": 0,
          "resurrectTimeout": 0,
          "_openRequests": 0,
          "status": "alive",
          "roles": {
            "master": true,
            "data": true,
            "ingest": true,
            "ml": false
          }
        },
        "attempts": 0,
        "aborted": false
      }
    }
  }
}
```

Currently, Kibana can't parse this error accurately enough to expose the underlying error message, so it just prints:
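Added example, not part of the PR or of Kibana's code: one way to surface the denied action and the missing index privileges from an error shaped like the one in the comment above. The names `DeniedAction`, `REASON_RE`, `splitList` and `parseSecurityException` are made up for this sketch, and the message layout is assumed from the `reason` string on this page.

```typescript
interface DeniedAction {
  status: number; // HTTP status reported by Elasticsearch
  reason: string; // full message, kept even when the pattern below does not match
  action: string;
  user: string;
  roles: string[];
  indices: string[];
  grantedBy: string[]; // index privileges that would allow the action
}

// Layout copied from the "reason" string on this page; other Elasticsearch
// versions may word it differently, so a non-match leaves the fields empty.
const REASON_RE = new RegExp(
  "^action \\[([^\\]]+)\\] is unauthorized for user \\[([^\\]]+)\\]" +
    " with roles \\[([^\\]]*)\\] on indices \\[([^\\]]*)\\]," +
    " this action is granted by the index privileges \\[([^\\]]*)\\]$"
);

const splitList = (s: string): string[] =>
  s.split(",").map((x) => x.trim()).filter((x) => x.length > 0);

function parseSecurityException(err: unknown): DeniedAction | null {
  const e = err as any;
  // Accept the wrapped form shown above ({reason, error}) or a bare ResponseError.
  const body = e?.error?.meta?.body ?? e?.meta?.body;
  const esError = body?.error;
  if (!esError || esError.type !== "security_exception") return null;
  const reason = String(esError.root_cause?.[0]?.reason ?? esError.reason ?? "");
  const m = REASON_RE.exec(reason);
  const g = (i: number): string => (m && m[i]) || "";
  return {
    status: Number(body.status) || 0,
    reason,
    action: g(1),
    user: g(2),
    roles: splitList(g(3)),
    indices: splitList(g(4)),
    grantedBy: splitList(g(5)),
  };
}

// Constructed sample: the error from the comment above, trimmed to the fields used.
const REASON =
  "action [indices:admin/create] is unauthorized for user [kibana_system_user] " +
  "with roles [kibana_system] on indices [.alerts-observability-apm-000001], " +
  "this action is granted by the index privileges [create_index,manage,all]";
const esBody = { status: 403, error: { type: "security_exception", reason: REASON } };
const sampleError = { reason: "execute", error: { name: "ResponseError", meta: { body: esBody } } };
```

Logging `action`, `indices` and `grantedBy` from the result makes it clear which privilege the `kibana_system` role lacks without dumping the whole client error.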
@jasonrhodes what version of ES are you on? The error you are seeing is supposed to be handled by the ES permission changes in elastic/elasticsearch#72181.
I'm pointed at the Edge cluster.
No need to block these changes if we feel confident they're fixed. I'll keep playing with it after the merge.
@jasonrhodes at the time of writing, the edge cluster's ES snapshot is from 26th of April, which predates the privilege changes.
OK well then let's merge this and I'll test against the Logs and Metrics rule stuff we're currently working on. At another time, I need a refresher on how to test APM data locally when Edge isn't working, it's been a long time since I've run apm-integration-testing :)
@elasticmachine merge upstream
💚 Build Succeeded
…01598) Co-authored-by: Kibana Machine <[email protected]>
💚 Backport successful
This backport PR will be merged automatically after passing CI.
…102397) Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Dario Gieselaar <[email protected]>
Closes #100451.

Summary

Create `event.kind:signal` alert documents, and update those when an alert is/stays active, in addition to the append-only evaluations (which are now `event.kind:event`). Usage of `collapse` is also removed for the table/APM app views.

Other changes:

- `no_matching_indices` exception for the `getDynamicIndexPattern` function