From b3089fa0d46e998c60a3fa17e41377d44c00274a Mon Sep 17 00:00:00 2001
From: nsano-rururu
Date: Wed, 1 Jan 2025 02:24:14 +0900
Subject: [PATCH 1/2] Kibana Discover support kibana 8.17
---
 docs/source/ruletypes.rst | 2 +-
 elastalert/kibana_discover.py | 2 +-
 tests/kibana_discover_test.py | 41 ++++++++++++++++++-----------------
 3 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
index 2f942b86..16502b7f 100644
--- a/docs/source/ruletypes.rst
+++ b/docs/source/ruletypes.rst
@@ -757,7 +757,7 @@ kibana_discover_version
 The currently supported versions of Kibana Discover are:
 - `7.0`, `7.1`, `7.2`, `7.3`, `7.4`, `7.5`, `7.6`, `7.7`, `7.8`, `7.9`, `7.10`, `7.11`, `7.12`, `7.13`, `7.14`, `7.15`, `7.16`, `7.17`
-- `8.0`, `8.1`, `8.2`, `8.3`, `8.4`, `8.5`, `8.6`, `8.7`, `8.8`, `8.9` , `8.10` , `8.11` , `8.12` , `8.13`, `8.14`, `8.15`, `8.16`
+- `8.0`, `8.1`, `8.2`, `8.3`, `8.4`, `8.5`, `8.6`, `8.7`, `8.8`, `8.9` , `8.10` , `8.11` , `8.12` , `8.13`, `8.14`, `8.15`, `8.16`, `8.17`
 ``kibana_discover_version: '7.15'``
diff --git a/elastalert/kibana_discover.py b/elastalert/kibana_discover.py
index cafac7da..292df384 100644
--- a/elastalert/kibana_discover.py
+++ b/elastalert/kibana_discover.py
@@ -16,7 +16,7 @@ kibana_versions = frozenset([
 '7.0', '7.1', '7.2', '7.3', '7.4', '7.5', '7.6', '7.7', '7.8', '7.9', '7.10', '7.11', '7.12', '7.13', '7.14', '7.15', '7.16', '7.17',
- '8.0', '8.1', '8.2', '8.3', '8.4', '8.5', '8.6', '8.7', '8.8', '8.9', '8.10', '8.11', '8.12', '8.13', '8.14', '8.15', '8.16'
+ '8.0', '8.1', '8.2', '8.3', '8.4', '8.5', '8.6', '8.7', '8.8', '8.9', '8.10', '8.11', '8.12', '8.13', '8.14', '8.15', '8.16', '8.17'
 ])
 def generate_kibana_discover_url(rule, match):
diff --git a/tests/kibana_discover_test.py b/tests/kibana_discover_test.py
index d978ac77..7b1e981e 100644
--- a/tests/kibana_discover_test.py
+++ b/tests/kibana_discover_test.py
@@ -39,7 +39,8 @@
 '8.13',
 '8.14',
 '8.15',
- '8.16'
+ '8.16',
+ '8.17'
 ])
 def test_generate_kibana_discover_url_with_kibana_7x(kibana_version):
 url = generate_kibana_discover_url(
@@ -77,7 +78,7 @@ def test_generate_kibana_discover_url_with_relative_kibana_discover_app_url():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'app/discover#/',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': '620ad0e6-43df-4557-bda2-384960fa9086',
 'timestamp_field': 'timestamp'
 },
@@ -123,7 +124,7 @@ def test_generate_kibana_discover_url_with_missing_kibana_discover_version():
 def test_generate_kibana_discover_url_with_missing_kibana_discover_app_url():
 url = generate_kibana_discover_url(
 rule={
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs',
 'timestamp_field': 'timestamp',
 'name': 'test'
@@ -139,7 +140,7 @@ def test_generate_kibana_discover_url_with_missing_kibana_discover_index_pattern
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'timestamp_field': 'timestamp',
 'name': 'test'
 },
@@ -173,7 +174,7 @@ def test_generate_kibana_discover_url_with_kibana_discover_app_url_env_substitut
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://$KIBANA_HOST:$KIBANA_PORT/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'd6cabfb6-aaef-44ea-89c5-600e9a76991a',
 'timestamp_field': 'timestamp'
 },
@@ -205,7 +206,7 @@ def test_generate_kibana_discover_url_with_from_timedelta():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'd6cabfb6-aaef-44ea-89c5-600e9a76991a',
 'kibana_discover_from_timedelta': timedelta(hours=1),
 'timestamp_field': 'timestamp'
@@ -238,7 +239,7 @@ def test_generate_kibana_discover_url_with_from_timedelta_and_timeframe():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'd6cabfb6-aaef-44ea-89c5-600e9a76991a',
 'kibana_discover_from_timedelta': timedelta(hours=1),
 'timeframe': timedelta(minutes=20),
@@ -272,7 +273,7 @@ def test_generate_kibana_discover_url_with_to_timedelta():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'd6cabfb6-aaef-44ea-89c5-600e9a76991a',
 'kibana_discover_to_timedelta': timedelta(hours=1),
 'timestamp_field': 'timestamp'
@@ -305,7 +306,7 @@ def test_generate_kibana_discover_url_with_to_timedelta_and_timeframe():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'd6cabfb6-aaef-44ea-89c5-600e9a76991a',
 'kibana_discover_to_timedelta': timedelta(hours=1),
 'timeframe': timedelta(minutes=20),
@@ -339,7 +340,7 @@ def test_generate_kibana_discover_url_with_timeframe():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'd6cabfb6-aaef-44ea-89c5-600e9a76991a',
 'timeframe': timedelta(minutes=20),
 'timestamp_field': 'timestamp'
@@ -372,7 +373,7 @@ def test_generate_kibana_discover_url_with_custom_columns():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'kibana_discover_columns': ['level', 'message'],
 'timestamp_field': 'timestamp'
@@ -405,7 +406,7 @@ def test_generate_kibana_discover_url_with_single_filter():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'filter': [
@@ -456,7 +457,7 @@ def test_generate_kibana_discover_url_with_multiple_filters():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': '90943e30-9a47-11e8-b64d-95841ca0b247',
 'timestamp_field': 'timestamp',
 'filter': [
@@ -510,7 +511,7 @@ def test_generate_kibana_discover_url_with_int_query_key():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'query_key': 'geo.dest'
@@ -570,7 +571,7 @@ def test_generate_kibana_discover_url_with_str_query_key():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'query_key': 'geo.dest'
@@ -632,7 +633,7 @@ def test_generate_kibana_discover_url_with_null_query_key_value():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'query_key': 'status'
@@ -682,7 +683,7 @@ def test_generate_kibana_discover_url_with_missing_query_key_value():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'query_key': 'status'
@@ -731,7 +732,7 @@ def test_generate_kibana_discover_url_with_compound_query_key():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'compound_query_key': ['geo.src', 'geo.dest'],
@@ -819,7 +820,7 @@ def test_generate_kibana_discover_url_with_filter_and_query_key():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'filter': [
@@ -896,7 +897,7 @@ def test_generate_kibana_discover_url_with_querystring_filter_and_query_key():
 url = generate_kibana_discover_url(
 rule={
 'kibana_discover_app_url': 'http://kibana:5601/#/discover',
- 'kibana_discover_version': '8.16',
+ 'kibana_discover_version': '8.17',
 'kibana_discover_index_pattern_id': 'logs-*',
 'timestamp_field': 'timestamp',
 'filter': [
From 030e4515ac17a12123148fb5d671c155ecb2591c Mon Sep 17 00:00:00 2001
From: nsano-rururu
Date: Wed, 1 Jan 2025 02:28:03 +0900
Subject: [PATCH 2/2] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5893fafe..1f2865b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 ## Other changes
 - [Docs] Add missing documentation of the `aggregation_alert_time_compared_with_timestamp_field` option. - [#1588](https://github.com/jertel/elastalert2/pull/1588) - @nicolasnovelli
 - Fix linter error reporting about return type assignation in `elastalert/test_rule.py`. - [#1594](https://github.com/jertel/elastalert2/pull/1594) - @thican
+- Add support for Kibana 8.17 for Kibana Discover - [#1597](https://github.com/jertel/elastalert2/pull/1597) - @nsano-rururu
 # 2.22.0