[BUG] "Group by"/aggregations selections not showing in alert details flyout, or "Export as JSON" button

[AWSHurneyt]

What is the bug?
Group by/aggregation selections are not displaying in the UI.

This bug just impacts the UI. If you use the SearchMonitor API, the Group by/aggregations selections will be present in the monitor query; so the monitor's execution will reflect the those selections.

How can one reproduce the bug?
Steps to reproduce the behavior:

1. Create a bucket level monitor that generates alerts (either by curl/devtool commands, or UI)
2. Go to the monitor details page
3. Click the Export as JSON button. The aggregations field of the monitor query will not contain any document fields (screenshot 2 below illustrates this)
4. Once alerts have been generated by the monitor, go to the Alerts by trigger dashboard
5. Click the link in the Alerts column for the monitor to open the alert details flyout
6. The Group by section will be blank (screenshot 3 below illustrates this)

Do you have any screenshots?

Screenshot 1

This is the monitor configuration returned by the GetMonitor API. The aggregations shows that the search results should be grouped by the user field of the documents.

{
  "_id": "8P2H3osBIvYsA4af6k5H",
  "_version": 2,
  "_seq_no": 3,
  "_primary_term": 1,
  "monitor": {
    "type": "monitor",
    "schema_version": 8,
    "name": "bucket-vis",
    "monitor_type": "bucket_level_monitor",
    "enabled": true,
    "enabled_time": 1700245531053,
    "schedule": {
      "period": {
        "interval": 1,
        "unit": "MINUTES"
      }
    },
    "inputs": [
      {
        "search": {
          "indices": [
            "opensearch_dashboards_sample_data_ecommerce"
          ],
          "query": {
            "size": 0,
            "query": {
              "bool": {
                "filter": [
                  {
                    "range": {
                      "order_date": {
                        "from": "{{period_end}}||-1h",
                        "to": "{{period_end}}",
                        "include_lower": true,
                        "include_upper": true,
                        "format": "epoch_millis",
                        "boost": 1
                      }
                    }
                  }
                ],
                "adjust_pure_negative": true,
                "boost": 1
              }
            },
            "aggregations": {
              "composite_agg": {
                "composite": {
                  "size": 10,
                  "sources": [
                    {
                      "user": {
                        "terms": {
                          "field": "user",
                          "missing_bucket": false,
                          "order": "asc"
                        }
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      }
    ],
    "triggers": [
      {
        "bucket_level_trigger": {
          "id": "8f2N3osBIvYsA4afu06P",
          "name": "bucket-vis-trig1",
          "severity": "1",
          "condition": {
            "buckets_path": {
              "_count": "_count"
            },
            "parent_bucket_path": "composite_agg",
            "script": {
              "source": "params._count < 10000",
              "lang": "painless"
            },
            "gap_policy": "skip"
          },
          "actions": []
        }
      }
    ],
    "last_update_time": 1700245912466,
    "data_sources": {
      "query_index": ".opensearch-alerting-queries",
      "findings_index": ".opensearch-alerting-finding-history-write",
      "findings_index_pattern": "<.opensearch-alerting-finding-history-{now/d}-1>",
      "alerts_index": ".opendistro-alerting-alerts",
      "alerts_history_index": ".opendistro-alerting-alert-history-write",
      "alerts_history_index_pattern": "<.opendistro-alerting-alert-history-{now/d}-1>",
      "query_index_mappings_by_type": {},
      "findings_enabled": false
    },
    "owner": "alerting"
  },
  "associated_workflows": []
}

Screenshot 2

This is the monitor as displayed by the Export as JSON button. This is a bucket level monitor, which is required to have at least 1 Group by/aggregations selection; but the UI is not displaying this.

Screenshot 3

This is the alert details flyout viewable on the Alerts by trigger dashboard page. The Group by section displays - when it should show the Group by/ aggregations selections.

[AWSHurneyt]

Related issue #816

[StefanStroebel]

Just installed and test in 2.11.1 and this issue seems to be still present .

[ghost]

Just installed and test in 2.11.1 and this issue seems to be still present .

yes, i have the same problem

[amsiglan]

@StefanStroebel @ghost Looks like we couldn't get this merged in time for 2.11.1
The fix is available in 2.12 and up
and it has been backported to the 2.11, 2.10 and 2.09 branches so whenever we have the next patch release for these versions, it will be available at that point.

Closing the issue since the fix has been merged.