event_log find by legacy IDs and legacy namespace #123665
Labels
Feature:Alerting/RulesFramework
Issues related to the Alerting Rules Framework
Feature:Alerting
Feature:EventLog
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Alerting rules currently have a legacyId field that is being used to retrieve event-log documents that were created prior to the great saved-object ID regeneration of 8.0. This allows the event_log's ClusterClientAdapter to create an ES query to return documents that match the following pseudo-SQL:
This logic works at the moment because alerting rules can't be shared in multiple spaces. However, as soon as alerting rules can be shared in multiple spaces, we won't be able to rely on the namespaces field and we will need to store the legacyNamespace field on the alerting rule saved-object so we can perform the following pseudo-SQL: