Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Rules] Add validation to prevent selecting a data view without a time field in "Elasticsearch query" rule flyout #135806

Closed
jughosta opened this issue Jul 6, 2022 · 7 comments · Fixed by #146324
Closed

[Rules] Add validation to prevent selecting a data view without a time field in "Elasticsearch query" rule flyout #135806

jughosta opened this issue Jul 6, 2022 · 7 comments · Fixed by #146324
Assignees
@dimaanj
Labels
bug Fixes for quality problems that affect the customer experience :DataDiscovery/fix-it-week impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. loe:small Small Level of Effort Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) WIP Work in progress

Comments

@jughosta
Copy link
Contributor

jughosta commented Jul 6, 2022

Kibana version: main (8.4)

Description of the problem including expected versus actual behavior:
Currently we allow to select a data view without a time field which results in a broken rule.

Steps to reproduce:

  1. Have 2 data views: with time field and without one
  2. Open a data view with a time field on Discover and press "Alerts" to open the flyout
  3. Switch data view inside the flyout to the one without a time field
  4. Notice that a rule is created but it shows a error on Rules and Connectors page

Expected:
A validation message that such rule can't be created based on a data view without a time field. Or we disable selecting such data views in the chooser component.

Jul-06-2022 14-23-10

Originally posted in #134763 (review)
@jughosta jughosta added enhancement New value added to drive a business result Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. labels Jul 6, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

@jughosta jughosta mentioned this issue Jul 6, 2022
Merged
4 tasks
@mikecote mikecote moved this from Awaiting Triage to In Review in AppEx: ResponseOps - Execution & Connectors Jul 6, 2022
@ninoslavmiskovic ninoslavmiskovic added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. and removed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Sep 29, 2022
@EricDavisX EricDavisX mentioned this issue Oct 7, 2022
Closed
@EricDavisX
Copy link
Contributor

@jughosta this looks fixed to me, want to check it and close it out if so? Just making sure I hadn't misunderstood any details. Cheers.

@jughosta
Copy link
Contributor Author

@EricDavisX The issue is still reproducible.

@EricDavisX
Copy link
Contributor

Thanks, I must be looking at a different use case / work flow. Carry on, then. Cheers

@jughosta jughosta mentioned this issue Oct 18, 2022
Merged
6 tasks
@dimaanj dimaanj mentioned this issue Nov 18, 2022
Closed
1 task
@kertal
Copy link
Member

kertal commented Nov 22, 2022

Ideally we prevent the user from creating and adding such data view in the alert context. but, given we have no ad-hoc data views that also allow quick ad-hoc creation with auto-time field select (and selecting none if there's no matching field), it might not be that easy. So I think we should
a) Add a message / callout that the selected data view is not valid
b) Prevent saving such a rule, because it would not work, and just fail
Menubar_und_Discover_-_Elastic

@kertal kertal mentioned this issue Nov 22, 2022
Closed
2 tasks
@kertal kertal added :DataDiscovery/fix-it-week loe:small Small Level of Effort bug Fixes for quality problems that affect the customer experience and removed enhancement New value added to drive a business result labels Nov 22, 2022
@kertal
Copy link
Member

kertal commented Nov 22, 2022

Upgrading the issue to a bug, because it allows users to create invalid alert rule. The bugfix should prevent this by adding a message to the user, and preventing the saving of a data view without a time field. A potential follow up issue could be, to enhance the data view picker to don't allow creating data views without timefield if the component is configured that way. This should not change the way the data view picker works by default.

@dimaanj dimaanj added the WIP Work in progress label Nov 24, 2022
@dimaanj dimaanj mentioned this issue Nov 24, 2022
Merged
2 tasks
@dimaanj dimaanj mentioned this issue Dec 6, 2022
Closed
dimaanj added a commit that referenced this issue Dec 14, 2022
@dimaanj @kibanamachine
[Discover] Validate if Data View time field exists on Alert creation …
6b5ab8f 
…/ editing (#146324)

## Summary

Closes #135806

This PR adds optional `timeField` param for Discover alert and adding
validation data view if it time based.


![AD61D10F-6278-429C-B69D-C1952BB0A3C1_4_5005_c](https://user-images.githubusercontent.com/39378793/205312590-0392cd2e-740e-4e3e-ba17-712e0696eef3.jpeg)

### How to test
- Open `Alerts` in Discover
- Select non time based data view
- Try to save the rule. You should see error message.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
nreese pushed a commit to nreese/kibana that referenced this issue Dec 16, 2022
@dimaanj @kibanamachine @nreese
[Discover] Validate if Data View time field exists on Alert creation …
f718fec 
…/ editing (elastic#146324)

## Summary

Closes elastic#135806

This PR adds optional `timeField` param for Discover alert and adding
validation data view if it time based.


![AD61D10F-6278-429C-B69D-C1952BB0A3C1_4_5005_c](https://user-images.githubusercontent.com/39378793/205312590-0392cd2e-740e-4e3e-ba17-712e0696eef3.jpeg)

### How to test
- Open `Alerts` in Discover
- Select non time based data view
- Try to save the rule. You should see error message.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dimaanj dimaanj

Labels
bug Fixes for quality problems that affect the customer experience :DataDiscovery/fix-it-week impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. loe:small Small Level of Effort Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) WIP Work in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Discover] Validate if Data View time field exists on Alert creation / editing dimaanj/kibana
6 participants
@kertal @jughosta @EricDavisX @elasticmachine @dimaanj @ninoslavmiskovic