elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Response Ops][Cases] Define a better type for useFetchAlertData hooks #124048

Open jonathan-buttner opened 2 years ago

jonathan-buttner commented 2 years ago

The useFetchAlertData hooks defined for security solution and observability will return Record<string, unknown> when this PR is merged: https://github.com/elastic/kibana/pull/123883

Ideally we could help the recipient by returning a more definitive type. The issue is that security solution's implementation recursively breaks the results up into a nested object here: https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/cases/pages/use_fetch_alert_data.ts#L30 https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/common/utils/alerts.ts#L128

whereas the observability function does not. It simply returns the data the way the alerts client sends it, which looks more like:

Alerts client response

```
{
  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "max_score": null,
    "hits": [
      {
        "_index": ".internal.alerts-observability.metrics.alerts-default-000001",
        "_id": "662aba44-d24f-47f9-8933-0e0f81cae6df",
        "_seq_no": 696,
        "_primary_term": 1,
        "_score": null,
        "_source": {
          "kibana.alert.rule.category": "Metric threshold",
          "kibana.alert.rule.consumer": "infrastructure",
          "kibana.alert.rule.execution.uuid": "40cc6f59-1101-45b1-81df-fdb47f87fcc4",
          "kibana.alert.rule.name": "Jon rule",
          "kibana.alert.rule.producer": "infrastructure",
          "kibana.alert.rule.rule_type_id": "metrics.alert.threshold",
          "kibana.alert.rule.uuid": "325830a0-7eba-11ec-a3b9-350ed5c64d7e",
          "kibana.space_ids": [
            "default"
          ],
          "kibana.alert.rule.tags": [],
          "@timestamp": "2022-01-26T22:37:20.409Z",
          "kibana.alert.reason": "Document count has reported no data over the past 1m for *",
          "kibana.alert.duration.us": 26767233000,
          "kibana.alert.instance.id": "*",
          "kibana.alert.start": "2022-01-26T15:11:13.176Z",
          "kibana.alert.uuid": "662aba44-d24f-47f9-8933-0e0f81cae6df",
          "kibana.alert.status": "active",
          "kibana.alert.workflow_status": "open",
          "event.kind": "signal",
          "event.action": "active",
          "kibana.version": "8.1.0",
          "tags": []
        },
        "fields": {
          "kibana.alert.rule.rule_type_id": [
            "metrics.alert.threshold"
          ],
          "kibana.alert.workflow_status": [
            "open"
          ],
          "kibana.space_ids": [
            "default"
          ],
          "kibana.alert.rule.consumer": [
            "infrastructure"
          ]
        },
        "sort": [
          1643236640409
        ]
      }
    ]
  }
}
```

Observability formatted result

```
{
  "<_id value>": { _id: , _index: ... }
}
```

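
The two result shapes described in the issue above, as an added TypeScript example that is not part of the original post or of Kibana's code. All type and function names are hypothetical, the sample hit is constructed from field names in the response above, and carrying the `_source` fields into the flat result is an assumption.

```typescript
// Added illustration; every name here is hypothetical, not Kibana's code.
type Flat = Record<string, unknown>;
interface Nested { [key: string]: unknown }
interface AlertHit { _id: string; _index: string; _source: Flat }

const BLOCKED = ['__proto__', 'constructor', 'prototype'];

function isNested(v: unknown): v is Nested {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

// Expand { "a.b.c": v } into { a: { b: { c: v } } }. Later keys win on conflict.
function expandDottedKeys(flat: Flat): Nested {
  const out: Nested = {};
  for (const key of Object.keys(flat)) {
    const parts = key.split('.');
    // Drop paths that would write through the prototype chain.
    if (parts.some((p) => BLOCKED.indexOf(p) !== -1)) continue;
    let node = out;
    for (const part of parts.slice(0, -1)) {
      if (!isNested(node[part])) node[part] = {};
      node = node[part] as Nested;
    }
    node[parts[parts.length - 1]] = flat[key];
  }
  return out;
}

// Flat shape: keyed by _id, field names stay dotted (assumes _source is carried over).
function keyByIdFlat(hits: AlertHit[]): Record<string, Flat> {
  const out: Record<string, Flat> = {};
  for (const h of hits) out[h._id] = { ...h._source, _id: h._id, _index: h._index };
  return out;
}

// Nested shape: same keying, dotted field names expanded into objects.
function keyByIdNested(hits: AlertHit[]): Record<string, Nested> {
  const out: Record<string, Nested> = {};
  for (const h of hits) out[h._id] = { ...expandDottedKeys(h._source), _id: h._id, _index: h._index };
  return out;
}

// Constructed sample hit, using field names from the alerts client response.
const sampleHits: AlertHit[] = [{
  _id: '662aba44-d24f-47f9-8933-0e0f81cae6df',
  _index: '.internal.alerts-observability.metrics.alerts-default-000001',
  _source: { 'kibana.alert.rule.name': 'Jon rule', 'kibana.alert.status': 'active', tags: [] },
}];
```

A caller of the flat shape reads `alert['kibana.alert.rule.name']`, while a caller of the nested shape reads `alert.kibana.alert.rule.name`, which is why a single `Record<string, unknown>` return type tells the recipient nothing about which access pattern is valid.
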
elasticmachine commented 2 years ago

Pinging @elastic/response-ops-cases (Feature:Cases)

elasticmachine commented 2 years ago

Pinging @elastic/response-ops (Team:ResponseOps)