Currently event log documents are written to ES using POST, allowing ES to create the id for them. We should instead be generating the ids ourselves, and writing them via PUT.
This will solve the problem of writing the same event log document twice - which I don't think is a problem now, but could be once we start buffering event writing. If ES goes down during a buffered write, we won't really know if the documents got written or not. Writing them again, without having our own ids, would create duplicate documents if they did get written. When using our own IDs, we would ensure there was only one document written for the event.
This could also be needed if we ever want to allow event log records to be "linked" together - e.g., when an action is scheduled by an alert, being able to associate the specific action execution log document to the action scheduled log document. Using the document id for this purpose seems like a nice way to handle those "references".
Not sure what the downsides of creating your own ES document ids are, beyond making sure they are unique (or unique "enough" given some UUID scheme). Need to look into that ...
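The retry scenario described above, as an added example that is not part of the original issue or the project's code. `FakeIndex` is a hypothetical in-memory stand-in for an ES index that mimics `POST /<index>/_doc` (server-assigned id) and `PUT /<index>/_create/<id>` (409 if the id exists); the event shapes are constructed.

```javascript
const { randomUUID } = require('node:crypto');

// Hypothetical in-memory stand-in for one ES index (assumption, not a real client).
class FakeIndex {
  constructor() { this.docs = new Map(); this.failNextAck = false; }

  // POST /<index>/_doc: the server picks the id, so every call stores a new doc.
  post(doc) { return this.store(randomUUID(), doc); }

  // PUT /<index>/_create/<id>: 201 on first write, 409 if the id already exists.
  create(id, doc) { return this.docs.has(id) ? 409 : this.store(id, doc); }

  store(id, doc) {
    this.docs.set(id, doc);
    if (this.failNextAck) {            // the doc was stored but the ack is lost
      this.failNextAck = false;
      throw new Error('connection reset');
    }
    return 201;
  }
}

// Flush a buffer, retrying a write once when its outcome is unknown.
function flush(index, events, useOwnIds) {
  for (const ev of events) {
    for (let attempt = 0; attempt < 2; attempt++) {
      try {
        const status = useOwnIds ? index.create(ev.id, ev.doc) : index.post(ev.doc);
        if (status === 201 || status === 409) break; // 409: earlier attempt landed
      } catch (err) {
        // Outcome unknown: the write may or may not have been stored, so retry.
      }
    }
  }
  return index.docs.size;
}

function demo(useOwnIds) {
  const index = new FakeIndex();
  index.failNextAck = true;            // first write succeeds, its ack does not
  const events = ['execute', 'execute-action'].map((action) => ({
    id: randomUUID(),                  // assigned once per event, reused on retry
    doc: { event: { action } },        // constructed sample documents
  }));
  return flush(index, events, useOwnIds);
}

console.log('POST, server ids:', demo(false), 'docs for 2 events');
console.log('create, own ids: ', demo(true), 'docs for 2 events');
```

The id has to be assigned when the event is created and kept with it in the buffer; generating it at write time would give each retry a fresh id and reintroduce the duplicate.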