diff --git a/x-pack/plugins/actions/server/lib/action_executor.ts b/x-pack/plugins/actions/server/lib/action_executor.ts index a33fb8830a930..48807749adc64 100644 --- a/x-pack/plugins/actions/server/lib/action_executor.ts +++ b/x-pack/plugins/actions/server/lib/action_executor.ts @@ -138,13 +138,18 @@ export class ActionExecutor { status: 'ok', }; + event.event = event.event || {}; + if (result.status === 'ok') { + event.event.outcome = 'success'; event.message = `action executed: ${actionLabel}`; } else if (result.status === 'error') { + event.event.outcome = 'failure'; event.message = `action execution failure: ${actionLabel}`; event.error = event.error || {}; event.error.message = actionErrorToMessage(result); } else { + event.event.outcome = 'failure'; event.message = `action execution returned unexpected result: ${actionLabel}`; event.error = event.error || {}; event.error.message = 'action execution returned unexpected result'; diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.ts index 1d4b12e96bc76..06448311d2130 100644 --- a/x-pack/plugins/alerting/server/task_runner/task_runner.ts +++ b/x-pack/plugins/alerting/server/task_runner/task_runner.ts @@ -202,12 +202,16 @@ export class TaskRunner { event.message = `alert execution failure: ${alertLabel}`; event.error = event.error || {}; event.error.message = err.message; + event.event = event.event || {}; + event.event.outcome = 'failure'; eventLogger.logEvent(event); throw err; } eventLogger.stopTiming(event); event.message = `alert executed: ${alertLabel}`; + event.event = event.event || {}; + event.event.outcome = 'success'; eventLogger.logEvent(event); // Cleanup alert instances that are no longer scheduling actions to avoid over populating the alertInstances object diff --git a/x-pack/plugins/event_log/generated/mappings.json b/x-pack/plugins/event_log/generated/mappings.json index 9c1dff60f9727..f487e9262e50e 100644 --- a/x-pack/plugins/event_log/generated/mappings.json +++ b/x-pack/plugins/event_log/generated/mappings.json @@ -41,6 +41,10 @@ }, "end": { "type": "date" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" } } }, diff --git a/x-pack/plugins/event_log/generated/schemas.ts b/x-pack/plugins/event_log/generated/schemas.ts index 5e93f320c009f..9c923fe77d035 100644 --- a/x-pack/plugins/event_log/generated/schemas.ts +++ b/x-pack/plugins/event_log/generated/schemas.ts @@ -41,6 +41,7 @@ export const EventSchema = schema.maybe( start: ecsDate(), duration: ecsNumber(), end: ecsDate(), + outcome: ecsString(), }) ), error: schema.maybe( diff --git a/x-pack/plugins/event_log/scripts/mappings.js b/x-pack/plugins/event_log/scripts/mappings.js index de3c9d631fbca..8cc2c74b60e57 100644 --- a/x-pack/plugins/event_log/scripts/mappings.js +++ b/x-pack/plugins/event_log/scripts/mappings.js @@ -53,6 +53,7 @@ exports.EcsEventLogProperties = [ 'event.start', 'event.duration', 'event.end', + 'event.outcome', // optional, but one of failure, success, unknown 'error.message', 'user.name', 'kibana.server_uuid',