[Alerting] Improve creation and editing of "Elasticsearch query" rule in Management

[jughosta]

Closes #134183

Summary

This PR brings an improved and more convenient UI for creating rules to Management page as we have it now on Discover page.

Steps to test:

• From Stack Management page:
  • Open "Rules and Connectors"
  • Select "Elasticsearch query" from rules list
  • Select how to configure this new rule: KQL/Lucene or Query DSL
  • Check that both options work
• From Discover page:
  • Press "Alerts" > "Create search threshold rule"
  • Check that it still allows to configure a rule in KQL/Lucene mode

Stack Management > New rule > Elasticsearch Query

"KQL or Lucene" is selected

"Query DSL" is selected

Discover > Alerts > Create search threshold rule

Checklist

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Unit or functional tests were updated or added to match the most common scenarios
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

[gmmorris]

Added a deploy to Cloud label so I can play around with these changes.
Thanks @jughosta

[jughosta]

@elasticmachine merge upstream

[jughosta]

@ymao1 Great findings! Since they are also present on main branch I created 2 separate github issues:

#135641

Also, when I created a rule using a data view, then deleted the data view, I see this when editing the rule:

Should that be a link?

#135642

This is unrelated to this PR, but when I have a user who has no access to "Stack Rules" but does have access to "Discover", I can see the rule creation flyout but when I try to save the rule, I get a permissions error. Is this a known issue?

[jughosta]

@andreadelrio Updated styles for the button in the popover:

[andreadelrio]

@jughosta this needs a further reduction of padding. I'd remove the padding highlighted here with a CSS override.

[jughosta]

Thanks @andreadelrio ! Updated:

Is there anything else blocking?

[ymao1]

LGTM! Nice job

[kertal]

Lot's of great fine-tuning since the last time I've checked 👍 While giving it another testing round I encountered a reason why we should not allow the user to create data views in the rule flyout. Users could create data views without time field which would lead to invalid rules. I therefore would suggest to not provide the functionality of adding data views in this area

One tiny nit, when I decided I don't wanna create this rule type, so returning to the selection of all rule types I'm getting an error message

[jughosta]

While giving it another testing round I encountered a reason why we should not allow the user to create data views in the rule flyout. Users could create data views without time field which would lead to invalid rules. I therefore would suggest to not provide the functionality of adding data views in this area

@kertal I would rather keep this functionality and add a separate validation message to notify that the selected data view requires to have a timestamp. Users can currently select an existing data view in flyout on Discover page too and we don't validate that:

We could also address it as a followup PR since this problem is already present on main branch.

One tiny nit, when I decided I don't wanna create this rule type, so returning to the selection of all rule types I'm getting an error message

This also present on main branch and I think is unrelated to "Elasticsearch query" work we do here. Can we create a separate issue for it?

[jughosta]

@elasticmachine merge upstream

[kertal]

While giving it another testing round I encountered a reason why we should not allow the user to create data views in the rule flyout. Users could create data views without time field which would lead to invalid rules. I therefore would suggest to not provide the functionality of adding data views in this area

@kertal I would rather keep this functionality and add a separate validation message to notify that the selected data view requires to have a timestamp. Users can currently select an existing data view in flyout on Discover page too and we don't validate that:
We could also address it as a followup PR since this problem is already present on main branch.

Makes sense!

One tiny nit, when I decided I don't wanna create this rule type, so returning to the selection of all rule types I'm getting an error message

This also present on main branch and I think is unrelated to "Elasticsearch query" work we do here. Can we create a separate issue for it?

Makes sense part II!

Will finish my review now, was delayed by a thunderstorm while walking to my hut

[kertal]

LGTM, testes again with cloud deployment, by creating a alert rule for KQL & Lucene , and another for Query DSL. Works as expected. Thx a lot for brining this over the finishing line! 🥳

[jughosta]

@kertal Thanks for review and testing! Created 2 more tickets based on your comments:

• [Rules] Discarding a selected rule type in the Create Rule flyout does not allow to select another rule type #135804
• [Rules] Add validation to prevent selecting a data view without a time field in "Elasticsearch query" rule flyout #135806

[dimaanj]

LGTM.

[andreadelrio]

Design changes LGTM.

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 5c27116
• Storybooks Preview
• Cloud Deployment
• Webpack Bundle Analyzer

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
stackAlerts	132	136	+4

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
triggersActionsUi	376	377	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
stackAlerts	205.3KB	209.6KB	+4.3KB
triggersActionsUi	866.7KB	866.7KB	+25.0B
total			+4.3KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
stackAlerts	13.4KB	13.8KB	+494.0B
triggersActionsUi	89.2KB	89.2KB	+32.0B
total			+526.0B

Unknown metric groups

API count

id	before	after	diff
triggersActionsUi	390	391	+1

History

• 💚 Build #55504 succeeded fd61f43
• 💚 Build #55007 succeeded 27451c2
• 💚 Build #54674 succeeded 0aae012
• 💔 Build #54644 failed 0aae012
• 💚 Build #54609 succeeded f5a8a31
• 💔 Build #54602 failed e202725

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @jughosta