Document 'execution_summary' response part of detection APIs (#1900)
* Document 'execution_summary' response part of detection APIs

* Apply suggestions

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
3 people authored May 3, 2022
1 parent a67d6ca commit 70e0628
Showing 4 changed files with 79 additions and 12 deletions.
46 changes: 34 additions & 12 deletions docs/detections/api/rules/rules-api-bulk-actions.asciidoc
Expand Up @@ -337,12 +337,7 @@ For `enable`, `disable`, `delete`, `edit`, and `duplicate` actions, a JSON objec
"Elastic",
"Network",
"Threat Detection",
"ML",
"777",
"888",
"nine-nine-seven",
"test",
"test-2"
"ML"
],
"interval":"15m",
"enabled":true,
Expand Down Expand Up @@ -386,7 +381,20 @@ For `enable`, `disable`, `delete`, `edit`, and `duplicate` actions, a JSON objec
"throttle":"no_actions",
"actions":[
]
],
"execution_summary": { <1>
"last_execution": {
"date": "2022-03-23T16:06:12.787Z",
"status": "partial failure",
"status_order": 20,
"message": "This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.",
"metrics": {
"total_search_duration_ms": 135,
"total_indexing_duration_ms": 15,
"execution_gap_duration_s": 0,
}
}
}
}
],
"created":[
Expand All @@ -405,6 +413,8 @@ For `enable`, `disable`, `delete`, `edit`, and `duplicate` actions, a JSON objec
}
--------------------------------------------------

<1> dev:[] `execution_summary` is under development and its schema may change.


For an `export` action, an `.ndjson` file containing exported rules.
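Review bot: the `<1>` callout only states that `execution_summary` is under development; nothing in the added text explains what `status_order` (shown as `20`) represents or which values `status` can take besides `partial failure`. A one-line description of those fields, or an explicit statement that clients should not depend on them while the schema is unstable, would make the example usable for anyone building monitoring on rule execution status.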

Expand Down Expand Up @@ -472,10 +482,7 @@ If processing of any rule fails, a partial error outputs the ID and/or name of t
"Windows",
"APM",
"macOS",
"Linux",
"777",
"888",
"nine-nine-seven"
"Linux"
],
"interval": "5m",
"enabled": true,
Expand Down Expand Up @@ -546,7 +553,20 @@ If processing of any rule fails, a partial error outputs the ID and/or name of t
],
"query": "event.kind:alert and not event.module:(endgame or endpoint)\n",
"throttle": "no_actions",
"actions": []
"actions": [],
"execution_summary": { <1>
"last_execution": {
"date": "2022-03-23T16:06:12.787Z",
"status": "partial failure",
"status_order": 20,
"message": "This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.",
"metrics": {
"total_search_duration_ms": 135,
"total_indexing_duration_ms": 15,
"execution_gap_duration_s": 0,
}
}
}
}
],
"created": [],
Expand All @@ -560,3 +580,5 @@ If processing of any rule fails, a partial error outputs the ID and/or name of t
}
}
--------------------------------------------------

<1> dev:[] `execution_summary` is under development and its schema may change.
15 changes: 15 additions & 0 deletions docs/detections/api/rules/rules-api-find.asciidoc
Expand Up @@ -117,10 +117,25 @@ Example response:
]
}
],
"execution_summary": { <1>
"last_execution": {
"date": "2022-03-23T16:06:12.787Z",
"status": "partial failure",
"status_order": 20,
"message": "This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.",
"metrics": {
"total_search_duration_ms": 135,
"total_indexing_duration_ms": 15,
"execution_gap_duration_s": 0,
}
}
},
"version": 1
},
...
]
}
--------------------------------------------------

<1> dev:[] `execution_summary` is under development and its schema may change.
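Review bot: in the find response, `"execution_gap_duration_s": 0,` is followed directly by the closing brace of `metrics`; the trailing comma should go. Since this endpoint returns a list of rules, it would also help to say whether `execution_summary` is present for a rule that has not executed yet, because the example shows only a rule with a `last_execution`.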
15 changes: 15 additions & 0 deletions docs/detections/api/rules/rules-api-get.asciidoc
Expand Up @@ -95,7 +95,22 @@ Example response:
]
}
],
"execution_summary": { <1>
"last_execution": {
"date": "2022-03-23T16:06:12.787Z",
"status": "partial failure",
"status_order": 20,
"message": "This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.",
"metrics": {
"total_search_duration_ms": 135,
"total_indexing_duration_ms": 15,
"execution_gap_duration_s": 0,
}
}
},
"version": 1
}
--------------------------------------------------

<1> dev:[] `execution_summary` is under development and its schema may change.
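Review bot: the `metrics` block in the get-rule example has a trailing comma after `"execution_gap_duration_s": 0`, which a strict JSON parser rejects. Remove it so the sample parses.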
15 changes: 15 additions & 0 deletions docs/detections/api/rules/rules-api-update.asciidoc
Expand Up @@ -510,6 +510,21 @@ Example response:
]
}
],
"execution_summary": { <1>
"last_execution": {
"date": "2022-03-23T16:06:12.787Z",
"status": "partial failure",
"status_order": 20,
"message": "This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.",
"metrics": {
"total_search_duration_ms": 135,
"total_indexing_duration_ms": 15,
"execution_gap_duration_s": 0,
}
}
},
"version": 2
}
--------------------------------------------------

<1> dev:[] `execution_summary` is under development and its schema may change.
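Review bot: the update response example carries the same trailing comma after `"execution_gap_duration_s": 0` at the end of `metrics`; remove it so the added block is valid JSON.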
