elasticmachine
commented
10 hours ago Pinging @elastic/response-ops (Team:ResponseOps)
Open pmuellr opened 10 hours ago
elasticmachine
commented
10 hours ago Pinging @elastic/response-ops (Team:ResponseOps)
See https://github.com/elastic/kibana/issues/175980#issuecomment-2491934555
In the case where the fieldcaps call run when an ES Query / KQL rule is run, and the fieldcaps call returns a 404, the error logged is
Executing Rule default:.es-query:{id} has resulted in Error: Data view with ID {id} no longer contains a time fieldThis is a bit misleading, because what actually happened was there were no indices matching the fieldcaps request. We should be more precise.
The referenced issue also notes that we have some "bad behavior" when a 502 is returned from fieldcaps. I suspect we'd see the same result. Something seems to be "eating" the errors out of the es call. Perhaps we can repro this with a jest integration test. We obviously like to see that we got a 502 response from the fieldcaps call as the reason for the rule failure.