[Alerting] event log meta issue

[pmuellr]

There are a number of outstanding issues regarding getting the event log operational. This issue is just going to track those.

There are also some topics without issues ... yet. Deferring creating those till we know more about the problem / solution.

• buffer events being written instead of writing when logged [alerting event log] buffer events being written instead of writing when logged #55634
• What activity from alerts and actions should be tracked in the event log? What activity from alerts and actions should be tracked in the event log? #62303
• event log should work with data streams [Alerting] event log should work with data streams #62677
• prepare for multi-space SO's; see: Sharing saved-objects in multiple spaces #27004
• pre-create event ids for event log documents - [Event Log] pre-create event ids for event log documents #64240
• rename ilm policy so it is not prefixed with dot [alerting event log] rename ilm policy so it is not prefixed with dot #61494
• add more tests for existing but unused code [alerting event log] add more tests for existing but unused code #55642
• add ECS 1.4/1.5 updates to event log schema [Alerting] add ECS 1.4/1.5 updates to event log schema #61891
• Event log authorization on additional saved objects Event log authorization on additional saved objects #62668
• enable event log index by default [Alerting] enable event log index by default #61867
• Event log license check Event log license check #58866
• change SO references in event log entries to single from nested [alerting event log] change SO references in event log entries to single from nested #55640
• add event log for alert execution and alerts scheduling actions [alerting event log] add event log for alert execution and alerts scheduling actions #55636
• add query support [alerting event log] add query support #55633
• should log events when alert instances come and go [Alerting] should log events when alert instances come and go #49894
• Event log to store namespace per saved object Event log to store namespace per saved object #62672
• prepare for pre-configured actions; see: Pre-configured Connectors #58914
• event log for action execution writes space_id instead of namespace [Alerting] event log for action execution writes space_id instead of namespace #63134

no issues yet

• how to deal with task manager SO's (saved in a different store; future thought if we have TM events); update 2021/07/29: this isn't a problem as the SO plugin deals with different stores seamlessly (presumably knowing the store based on the SO type)
• denormalize action/alert props like type, name, tags? the entire action/alert object (not indexed)? update update 2021/07/29: we've been slowing doing this over time, adding them as needed
• do we want event id's? transaction/trace id's? Would allow us to trace alert execution events all the way through action execution events. Today we don't, so you just get a flat list of events, only linked by SO, not by the events themselves. update 2021/07/29: again, something we've been looking at on an as-needed basis; for instance: [Alerting][Event Log] Consider adding uuid to active alert spans #101749

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[pmuellr]

I updated some of the "no issues yet" to note why there is no issue, just to get things up-to-date.

Everything else not checked has issues open for it.

And I don't know that anyone is using this issue any more - it was created back when we were getting the event log up and going, so doesn't really serve a purpose any more.

So closing. Feel free to re-open if there's more to do ...