diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts index 4b4f632d4cb20..1543596a7ad4d 100644 --- a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts @@ -149,7 +149,7 @@ const getIndexTemplatePutBody = (opts?: GetIndexTemplatePutBodyOpts) => { body: { index_patterns: indexPatterns, composed_of: [ - ...(useEcs ? ['.alerts-ecs-mappings'] : []), + ...(useEcs ? ['ecs@mappings'] : []), `.alerts-${context ? `${context}.alerts` : 'test.alerts'}-mappings`, ...(useLegacyAlerts ? ['.alerts-legacy-alert-mappings'] : []), '.alerts-framework-mappings', @@ -170,9 +170,10 @@ const getIndexTemplatePutBody = (opts?: GetIndexTemplatePutBodyOpts) => { }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { - dynamic: false, + dynamic: true, _meta: { kibana: { version: '8.8.0' }, managed: true, @@ -289,14 +290,12 @@ describe('Alerts Service', () => { if (!useDataStreamForAlerts) { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledWith(IlmPutBody); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); }); test('should not initialize common resources if ES is not ready', async () => { @@ -329,14 +328,12 @@ describe('Alerts Service', () => { if (!useDataStreamForAlerts) { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledWith(IlmPutBody); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); }); test('should log error and set initialized to false if adding ILM policy throws error', async () => { @@ -436,9 +433,10 @@ describe('Alerts Service', () => { rollover_alias: `.alerts-empty-default`, }, 'index.mapping.total_fields.limit': 1800, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { - dynamic: false, + dynamic: true, }, }, }, @@ -481,7 +479,7 @@ describe('Alerts Service', () => { ); // 3x for framework, legacy-alert and ecs mappings, then 1 extra time to update component template // after updating index template field limit - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); }); }); @@ -516,14 +514,12 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; + const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( @@ -576,15 +572,13 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; - expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); + expect(componentTemplate3.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( getIndexTemplatePutBody({ @@ -639,15 +633,13 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; - expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); + expect(componentTemplate3.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( getIndexTemplatePutBody({ useEcs: true, useDataStream: useDataStreamForAlerts }) @@ -698,7 +690,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.putIndexTemplate).toHaveBeenNthCalledWith( 1, getIndexTemplatePutBody({ useDataStream: useDataStreamForAlerts }) @@ -802,15 +794,13 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledWith(IlmPutBody); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; - expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); + expect(componentTemplate3.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( getIndexTemplatePutBody({ @@ -853,13 +843,11 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); const template = { name: `.alerts-empty.alerts-default-index-template`, @@ -886,6 +874,7 @@ describe('Alerts Service', () => { }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { _meta: { @@ -893,7 +882,7 @@ describe('Alerts Service', () => { managed: true, namespace: 'default', }, - dynamic: false, + dynamic: true, }, }, _meta: { @@ -1002,7 +991,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); // putIndexTemplate is skipped but other operations are called as expected expect(clusterClient.indices.putIndexTemplate).not.toHaveBeenCalled(); @@ -1050,7 +1039,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).not.toHaveBeenCalled(); expect(clusterClient.indices.getAlias).not.toHaveBeenCalled(); @@ -1081,7 +1070,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).not.toHaveBeenCalled(); @@ -1113,7 +1102,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).not.toHaveBeenCalled(); @@ -1137,7 +1126,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).not.toHaveBeenCalled(); @@ -1173,7 +1162,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1207,7 +1196,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1248,7 +1237,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1279,7 +1268,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).not.toHaveBeenCalled(); @@ -1328,7 +1317,7 @@ describe('Alerts Service', () => { ); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).toHaveBeenCalled(); @@ -1364,7 +1353,7 @@ describe('Alerts Service', () => { ); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1400,7 +1389,7 @@ describe('Alerts Service', () => { expect(logger.error).toHaveBeenCalledWith(`Error creating concrete write index - fail`); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1444,7 +1433,7 @@ describe('Alerts Service', () => { expect(logger.error).toHaveBeenCalledWith(`Error creating concrete write index - fail`); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).toHaveBeenCalled(); @@ -1490,7 +1479,7 @@ describe('Alerts Service', () => { expect(logger.error).toHaveBeenCalledWith(`Error creating concrete write index - fail`); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).toHaveBeenCalled(); @@ -2368,7 +2357,7 @@ describe('Alerts Service', () => { 'alert service initialized', async () => alertsService.isInitialized() === true ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(5); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); }); test('should retry updating index template for transient ES errors', async () => { diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts index 4f0ead6c54206..180c85c93a00c 100644 --- a/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts +++ b/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts @@ -8,7 +8,7 @@ import { isEmpty, isEqual, omit } from 'lodash'; import { Logger, ElasticsearchClient } from '@kbn/core/server'; import { filter, firstValueFrom, Observable } from 'rxjs'; -import { alertFieldMap, ecsFieldMap, legacyAlertFieldMap } from '@kbn/alerts-as-data-utils'; +import { alertFieldMap, legacyAlertFieldMap } from '@kbn/alerts-as-data-utils'; import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server'; import { DEFAULT_ALERTS_ILM_POLICY_NAME, @@ -48,9 +48,9 @@ import { IAlertsClient } from '../alerts_client/types'; import { setAlertsToUntracked, SetAlertsToUntrackedParams } from './lib/set_alerts_to_untracked'; export const TOTAL_FIELDS_LIMIT = 2500; +export const ECS_COMPONENT_TEMPLATE_NAME = 'ecs@mappings'; const LEGACY_ALERT_CONTEXT = 'legacy-alert'; -export const ECS_CONTEXT = `ecs`; -export const ECS_COMPONENT_TEMPLATE_NAME = getComponentTemplateName({ name: ECS_CONTEXT }); + interface AlertsServiceParams { logger: Logger; pluginStop$: Observable; @@ -348,17 +348,6 @@ export class AlertsService implements IAlertsService { }), totalFieldsLimit: TOTAL_FIELDS_LIMIT, }), - () => - createOrUpdateComponentTemplate({ - logger: this.options.logger, - esClient, - template: getComponentTemplate({ - fieldMap: ecsFieldMap, - name: ECS_CONTEXT, - includeSettings: true, - }), - totalFieldsLimit: TOTAL_FIELDS_LIMIT, - }), ]; // Install in parallel @@ -414,9 +403,9 @@ export class AlertsService implements IAlertsService { // 4. Framework common component template, always included const componentTemplateRefs: string[] = []; - // If useEcs is set to true, add the ECS component template to the references + // If useEcs is set to true, add the ECS dynamic mapping template to the references if (useEcs) { - componentTemplateRefs.push(getComponentTemplateName({ name: ECS_CONTEXT })); + componentTemplateRefs.push(ECS_COMPONENT_TEMPLATE_NAME); } // If fieldMap is not empty, create a context specific component template and add to the references diff --git a/x-pack/plugins/alerting/server/alerts_service/index.ts b/x-pack/plugins/alerting/server/alerts_service/index.ts index 0b32802bdf250..7559cb744a086 100644 --- a/x-pack/plugins/alerting/server/alerts_service/index.ts +++ b/x-pack/plugins/alerting/server/alerts_service/index.ts @@ -9,7 +9,7 @@ export { DEFAULT_ALERTS_ILM_POLICY, DEFAULT_ALERTS_ILM_POLICY_NAME, } from './default_lifecycle_policy'; -export { ECS_COMPONENT_TEMPLATE_NAME, ECS_CONTEXT, TOTAL_FIELDS_LIMIT } from './alerts_service'; +export { ECS_COMPONENT_TEMPLATE_NAME, TOTAL_FIELDS_LIMIT } from './alerts_service'; export { getComponentTemplate, VALID_ALERT_INDEX_PREFIXES } from './resource_installer_utils'; export { type InitializationPromise, diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts index 85113b768860a..d500db6e41ea5 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts @@ -35,7 +35,7 @@ const IndexTemplate = (namespace: string = 'default', useDataStream: boolean = f managed: true, namespace, }, - dynamic: false, + dynamic: true, }, settings: { auto_expand_replicas: '0-1', @@ -50,6 +50,7 @@ const IndexTemplate = (namespace: string = 'default', useDataStream: boolean = f }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, }, priority: namespace.length, diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts index 503e3848fa658..e1321651d285e 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts @@ -70,9 +70,10 @@ export const getIndexTemplate = ({ }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': totalFieldsLimit, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { - dynamic: false, + dynamic: true, _meta: indexMetadata, }, ...(indexPatterns.secondaryAlias diff --git a/x-pack/plugins/alerting/server/index.ts b/x-pack/plugins/alerting/server/index.ts index 2cb2c212a91ba..7a2edb14c3bbf 100644 --- a/x-pack/plugins/alerting/server/index.ts +++ b/x-pack/plugins/alerting/server/index.ts @@ -55,7 +55,6 @@ export { DEFAULT_ALERTS_ILM_POLICY, DEFAULT_ALERTS_ILM_POLICY_NAME, ECS_COMPONENT_TEMPLATE_NAME, - ECS_CONTEXT, TOTAL_FIELDS_LIMIT, VALID_ALERT_INDEX_PREFIXES, getComponentTemplate, diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts index 958ecaf8d270d..9865a47ae4c76 100644 --- a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts +++ b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts @@ -470,7 +470,7 @@ describe('Task Runner', () => { expect(call.services.alertsClient?.setAlertData).toBeTruthy(); expect(call.services.scopedClusterClient).toBeTruthy(); expect(call.services).toBeTruthy(); - expect(logger.debug).toHaveBeenCalledTimes(useDataStreamForAlerts ? 9 : 10); + expect(logger.debug).toHaveBeenCalledTimes(useDataStreamForAlerts ? 8 : 9); let debugCall = 1; expect(logger.debug).nthCalledWith( @@ -494,10 +494,6 @@ describe('Task Runner', () => { debugCall++, 'Installing component template .alerts-legacy-alert-mappings' ); - expect(logger.debug).nthCalledWith( - debugCall++, - 'Installing component template .alerts-ecs-mappings' - ); expect(logger.debug).nthCalledWith( debugCall++, 'deprecated ruleRunStatus for test:1: {"lastExecutionDate":"1970-01-01T00:00:00.000Z","status":"ok"}', diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts index d2011139adbb7..3bacb59b97745 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts @@ -17,7 +17,6 @@ import { import { Dataset } from './index_options'; import { IndexInfo } from './index_info'; -import { ECS_COMPONENT_TEMPLATE_NAME } from '@kbn/alerting-plugin/server'; import type { DataStreamAdapter } from '@kbn/alerting-plugin/server'; import { getDataStreamAdapter } from '@kbn/alerting-plugin/server/alerts_service/lib/data_stream_adapter'; @@ -148,13 +147,9 @@ describe('resourceInstaller', () => { expect(mockClusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); + expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(1); expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenNthCalledWith( 1, - expect.objectContaining({ name: ECS_COMPONENT_TEMPLATE_NAME }) - ); - expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenNthCalledWith( - 2, expect.objectContaining({ name: TECHNICAL_COMPONENT_TEMPLATE_NAME }) ); }); diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts index 2a6533d7e1002..a576421f69d75 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts @@ -15,7 +15,6 @@ import { createOrUpdateIndexTemplate, DEFAULT_ALERTS_ILM_POLICY, DEFAULT_ALERTS_ILM_POLICY_NAME, - ECS_COMPONENT_TEMPLATE_NAME, getIndexTemplate, installWithTimeout, TOTAL_FIELDS_LIMIT, @@ -25,7 +24,6 @@ import { } from '@kbn/alerting-plugin/server'; import { TECHNICAL_COMPONENT_TEMPLATE_NAME } from '../../common/assets'; import { technicalComponentTemplate } from '../../common/assets/component_templates/technical_component_template'; -import { ecsComponentTemplate } from '../../common/assets/component_templates/ecs_component_template'; import type { IndexInfo } from './index_info'; interface ConstructorOptions { @@ -89,15 +87,6 @@ export class ResourceInstaller { policy: DEFAULT_ALERTS_ILM_POLICY, dataStreamAdapter: this.options.dataStreamAdapter, }), - createOrUpdateComponentTemplate({ - logger, - esClient: clusterClient, - template: { - name: ECS_COMPONENT_TEMPLATE_NAME, - body: ecsComponentTemplate, - }, - totalFieldsLimit: TOTAL_FIELDS_LIMIT, - }), ]), createOrUpdateComponentTemplate({ logger,