[ResponseOps] Elasticsearch Query rule: handle is_partial in ES|QL queries
#209408
Labels
Feature:Alerting/RuleTypes
Issues related to specific Alerting Rules Types
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
pmuellr
added
Feature:Alerting
Feature:Alerting/RuleTypes
|
Pinging @elastic/response-ops (Team:ResponseOps) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From https://elasticco.atlassian.net/browse/ES-8808, ES|QL results will start coming back with an
is_partialflag set, if for some reason the query could not be completed but there are some results. The information about skipped clusters will come back in the_clustersmetadata property.My guess is, that because the info is coming back in the
_clustersmetadata, we're already handling it with the code we merged here: PR #189312We should check to see if this is true (wonder how we can check?). We may want to also actually check the
is_partialfield explicitly here, as it sounds like it may be used in the future in other cases.If this works with the existing code, the rule would process the returned (partial) results but generate a warning. I assume that behavior is still what we want ...
The text was updated successfully, but these errors were encountered: