Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Observability alerting] Save group information with dynamic mapping #199298

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

[Observability alerting] Save group information with dynamic mapping #199298

wants to merge 1 commit into from

Conversation

maryam-saeidi
Copy link
Member

@maryam-saeidi maryam-saeidi commented Nov 7, 2024
edited
Loading

Summary

In this PoC, we are implementing saving group by information dynamically for the custom threshold rule. This consists of two parts:

  1. Adding a dynamic field
// kibana.alert.grouping
[ALERT_GROUPING]: {
    type: 'object',
    dynamic: true,
    array: false,
    required: false,
  },
  1. Adding a dynamic template
dynamicTemplates: [
      {
        strings_as_keywords: {
          path_match: 'kibana.alert.grouping.*',
          match_mapping_type: 'string',
          mapping: {
            type: 'keyword',
            ignore_above: 1024,
          },
        },
      },
    ],

The result of adding these mappings can be seen below:

Source 1 Source 2 Mapping
image image image

@maryam-saeidi maryam-saeidi added the release_note:skip Skip the PR/issue when compiling release notes label Nov 7, 2024
@maryam-saeidi maryam-saeidi self-assigned this Nov 7, 2024
@elasticmachine
Copy link
Contributor

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇

  • Click to trigger kibana-pull-request for this PR!
  • Click to trigger kibana-deploy-project-from-pr for this PR!

@maryam-saeidi maryam-saeidi mentioned this pull request Nov 8, 2024
Open
@maryam-saeidi maryam-saeidi mentioned this pull request Dec 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@maryam-saeidi maryam-saeidi

Labels
release_note:skip Skip the PR/issue when compiling release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maryam-saeidi @elasticmachine