-
Notifications
You must be signed in to change notification settings - Fork 8.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Build a consolidated implementation (Draft)
- Loading branch information
Showing
40 changed files
with
1,037 additions
and
566 deletions.
There are no files selected for viewing
35 changes: 35 additions & 0 deletions
35
x-pack/plugins/rule_registry/common/event_log/assets/common_component_templates.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { merge } from 'lodash'; | ||
| import { ComponentTemplateOptions } from '../definition'; | ||
| import { commonEcsMappings } from './schema/common_ecs_fields'; | ||
| import { technicalFieldMappings } from './schema/technical_fields'; | ||
|
|
||
| /** | ||
| * Based on these options the Event Log mechanism will create and maintain | ||
| * `.alerts-settings` component template. | ||
| */ | ||
| export const commonSettingsTemplate: ComponentTemplateOptions = { | ||
| version: 1, | ||
| settings: { | ||
| number_of_shards: 1, | ||
| auto_expand_replicas: '0-1', | ||
| 'mapping.total_fields.limit': 10000, | ||
| 'sort.field': '@timestamp', | ||
| 'sort.order': 'desc', | ||
| }, | ||
| }; | ||
|
|
||
| /** | ||
| * Based on these options the Event Log mechanism will create and maintain | ||
| * `.alerts-mappings` component template. | ||
| */ | ||
| export const commonMappingsTemplate: ComponentTemplateOptions = { | ||
| version: 1, | ||
| mappings: merge({}, commonEcsMappings, technicalFieldMappings), | ||
| }; |
14 changes: 14 additions & 0 deletions
14
x-pack/plugins/rule_registry/common/event_log/assets/common_schema.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { Schema } from '../definition'; | ||
| import { commonEcsSchema } from './schema/common_ecs_fields'; | ||
| import { technicalFieldSchema } from './schema/technical_fields'; | ||
|
|
||
| export const commonSchema = Schema.combine(commonEcsSchema, technicalFieldSchema); | ||
|
|
||
| export type CommonFields = typeof commonSchema.event; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
39 changes: 39 additions & 0 deletions
39
x-pack/plugins/rule_registry/common/event_log/assets/schema/common_ecs_fields.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { pickWithPatterns } from '../../../../common/pick_with_patterns'; | ||
| import { | ||
| TIMESTAMP, | ||
| TAGS, | ||
| EVENT_KIND, | ||
| EVENT_ACTION, | ||
| RULE_UUID, | ||
| RULE_ID, | ||
| RULE_NAME, | ||
| RULE_CATEGORY, | ||
| } from '../../../../common/technical_rule_data_field_names'; | ||
| import { ecsFieldMap } from '../../../assets/field_maps/ecs_field_map'; | ||
| import { mappingFromFieldMap } from '../../../mapping_from_field_map'; | ||
| import { runtimeTypeFromFieldMap } from '../../../field_map/runtime_type_from_fieldmap'; | ||
| import { Schema } from '../../definition'; | ||
|
|
||
| export const commonEcsFieldMap = { | ||
| ...pickWithPatterns( | ||
| ecsFieldMap, | ||
| TIMESTAMP, | ||
| TAGS, | ||
| EVENT_KIND, | ||
| EVENT_ACTION, | ||
| RULE_UUID, | ||
| RULE_ID, | ||
| RULE_NAME, | ||
| RULE_CATEGORY | ||
| ), | ||
| } as const; | ||
|
|
||
| export const commonEcsMappings = mappingFromFieldMap(commonEcsFieldMap); | ||
| export const commonEcsSchema = Schema.create(runtimeTypeFromFieldMap(commonEcsFieldMap)); |
40 changes: 40 additions & 0 deletions
40
x-pack/plugins/rule_registry/common/event_log/assets/schema/technical_fields.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { | ||
| ALERT_DURATION, | ||
| ALERT_END, | ||
| ALERT_EVALUATION_THRESHOLD, | ||
| ALERT_EVALUATION_VALUE, | ||
| ALERT_ID, | ||
| ALERT_SEVERITY_LEVEL, | ||
| ALERT_SEVERITY_VALUE, | ||
| ALERT_START, | ||
| ALERT_STATUS, | ||
| ALERT_UUID, | ||
| PRODUCER, | ||
| } from '../../../../common/technical_rule_data_field_names'; | ||
| import { mappingFromFieldMap } from '../../../mapping_from_field_map'; | ||
| import { runtimeTypeFromFieldMap } from '../../../field_map/runtime_type_from_fieldmap'; | ||
| import { Schema } from '../../definition'; | ||
|
|
||
| export const technicalFieldMap = { | ||
| [PRODUCER]: { type: 'keyword' }, | ||
| [ALERT_UUID]: { type: 'keyword' }, | ||
| [ALERT_ID]: { type: 'keyword' }, | ||
| [ALERT_START]: { type: 'date' }, | ||
| [ALERT_END]: { type: 'date' }, | ||
| [ALERT_DURATION]: { type: 'long' }, | ||
| [ALERT_SEVERITY_LEVEL]: { type: 'keyword' }, | ||
| [ALERT_SEVERITY_VALUE]: { type: 'long' }, | ||
| [ALERT_STATUS]: { type: 'keyword' }, | ||
| [ALERT_EVALUATION_THRESHOLD]: { type: 'scaled_float', scaling_factor: 100 }, | ||
| [ALERT_EVALUATION_VALUE]: { type: 'scaled_float', scaling_factor: 100 }, | ||
| } as const; | ||
|
|
||
| export const technicalFieldMappings = mappingFromFieldMap(technicalFieldMap); | ||
| export const technicalFieldSchema = Schema.create(runtimeTypeFromFieldMap(technicalFieldMap)); |
17 changes: 17 additions & 0 deletions
17
x-pack/plugins/rule_registry/common/event_log/definition/event_log_definition.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { EventSchema } from './event_schema'; | ||
| import { IlmPolicy } from './ilm_policy'; | ||
| import { Templates } from './index_template'; | ||
|
|
||
| export interface EventLogDefinition<TEvent> { | ||
| logName: string; | ||
| schema: EventSchema<TEvent>; | ||
| templates: Templates; | ||
| ilmPolicy?: IlmPolicy; | ||
| } |
27 changes: 27 additions & 0 deletions
27
x-pack/plugins/rule_registry/common/event_log/definition/event_schema.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import * as t from 'io-ts'; | ||
|
|
||
| export interface EventSchema<TEvent> { | ||
| eventType: t.Type<TEvent>; | ||
| event: TEvent; | ||
| } | ||
|
|
||
| export abstract class Schema { | ||
| public static create<TEvent>(eventType: t.Type<TEvent>): EventSchema<TEvent> { | ||
| return { | ||
| eventType, | ||
| event: {} as t.TypeOf<typeof eventType>, | ||
| }; | ||
| } | ||
|
|
||
| public static combine<T1, T2>(s1: EventSchema<T1>, s2: EventSchema<T2>): EventSchema<T1 & T2> { | ||
| const combinedType = t.intersection([s1.eventType, s2.eventType]); | ||
| return this.create(combinedType); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
x-pack/plugins/rule_registry/common/event_log/definition/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export * from './event_log_definition'; | ||
| export * from './event_schema'; | ||
| export * from './ilm_policy'; | ||
| export * from './index_names'; | ||
| export * from './index_template'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.