search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.69k stars 8.12k forks source link

ES|QL rules should generate a `context.link` that points to Discover #188856

Open legrego opened 1 month ago

legrego commented 1 month ago

There are three sub-types to an Elasticsearch Query Alerting Rule:

  1. ES Query (traditional DSL)
  2. ES|QL Query
  3. Search Source

Of these three, only the Search Source implementation provides a context.link variable that links to relevant docs in the Discover application: https://github.com/elastic/kibana/blob/3ae4111a77bc558c478e42da0e6803a901ec27c9/x-pack/plugins/stack_alerts/server/rule_types/es_query/lib/fetch_search_source_query.ts#L224

ES Query and ES|QL both generate links to the rule itself: https://github.com/elastic/kibana/blob/3ae4111a77bc558c478e42da0e6803a901ec27c9/x-pack/plugins/stack_alerts/server/rule_types/es_query/lib/fetch_esql_query.ts#L65

https://github.com/elastic/kibana/blob/3ae4111a77bc558c478e42da0e6803a901ec27c9/x-pack/plugins/stack_alerts/server/rule_types/es_query/lib/fetch_es_query.ts#L137

Now that Discover has first-class support for ES|QL queries, it may be possible to generate a link to Discover with relevant documents, similar to what's done today for Search Source rules.

elasticmachine commented 1 month ago

Pinging @elastic/response-ops (Team:ResponseOps)