diff --git a/x-pack/plugins/actions/server/lib/action_executor.ts b/x-pack/plugins/actions/server/lib/action_executor.ts
index 59f8f3747273..101e18f2583e 100644
--- a/x-pack/plugins/actions/server/lib/action_executor.ts
+++ b/x-pack/plugins/actions/server/lib/action_executor.ts
@@ -140,13 +140,18 @@ export class ActionExecutor {
 status: 'ok',
 };
 
+ event.event = event.event || {};
+
 if (result.status === 'ok') {
+ event.event.outcome = 'success';
 event.message = `action executed: ${actionLabel}`;
 } else if (result.status === 'error') {
+ event.event.outcome = 'failure';
 event.message = `action execution failure: ${actionLabel}`;
 event.error = event.error || {};
 event.error.message = actionErrorToMessage(result);
 } else {
+ event.event.outcome = 'failure';
 event.message = `action execution returned unexpected result: ${actionLabel}`;
 event.error = event.error || {};
 event.error.message = 'action execution returned unexpected result';
diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts
index 8b14199b7276..26d8a1d1777c 100644
--- a/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts
+++ b/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts
@@ -165,6 +165,7 @@ describe('Task Runner', () => {
 Object {
 "event": Object {
 "action": "execute",
+ "outcome": "success",
 },
 "kibana": Object {
 "saved_objects": Array [
@@ -226,6 +227,7 @@ describe('Task Runner', () => {
 Object {
 "event": Object {
 "action": "execute",
+ "outcome": "success",
 },
 "kibana": Object {
 "saved_objects": Array [
@@ -342,6 +344,7 @@ describe('Task Runner', () => {
 Object {
 "event": Object {
 "action": "execute",
+ "outcome": "success",
 },
 "kibana": Object {
 "saved_objects": Array [
@@ -558,6 +561,7 @@ describe('Task Runner', () => {
 },
 "event": Object {
 "action": "execute",
+ "outcome": "failure",
 },
 "kibana": Object {
 "saved_objects": Array [
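Review bot: In action_executor.ts the outcome is written as the bare literals `'success'` and `'failure'` in three branches, and the same literals appear again in task_runner.ts, while the generated schema in this commit declares the field only as `outcome: ecsString()`. A misspelt value would therefore compile and be indexed without complaint, and any search or alert keyed on `event.outcome` would silently miss those events. A shared union type such as `type EventOutcome = 'success' | 'failure' | 'unknown';` applied at each assignment would let the compiler catch that. The enclosing method starts and ends outside the hunk, so whether another path in it logs the event without an outcome cannot be checked from here.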
diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
index 9c8cf4b1c968..26970dc6b2b0 100644
--- a/x-pack/plugins/alerting/server/task_runner/task_runner.ts
+++ b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
@@ -202,12 +202,16 @@ export class TaskRunner {
 event.message = `alert execution failure: ${alertLabel}`;
 event.error = event.error || {};
 event.error.message = err.message;
+ event.event = event.event || {};
+ event.event.outcome = 'failure';
 eventLogger.logEvent(event);
 throw err;
 }
 
 eventLogger.stopTiming(event);
 event.message = `alert executed: ${alertLabel}`;
+ event.event = event.event || {};
+ event.event.outcome = 'success';
 eventLogger.logEvent(event);
 
 // Cleanup alert instances that are no longer scheduling actions to avoid over populating the alertInstances object
diff --git a/x-pack/plugins/event_log/generated/mappings.json b/x-pack/plugins/event_log/generated/mappings.json
index 9c1dff60f972..f487e9262e50 100644
--- a/x-pack/plugins/event_log/generated/mappings.json
+++ b/x-pack/plugins/event_log/generated/mappings.json
@@ -41,6 +41,10 @@
 },
 "end": {
 "type": "date"
+ },
+ "outcome": {
+ "ignore_above": 1024,
+ "type": "keyword"
 }
 }
 },
diff --git a/x-pack/plugins/event_log/generated/schemas.ts b/x-pack/plugins/event_log/generated/schemas.ts
index 5e93f320c009..9c923fe77d03 100644
--- a/x-pack/plugins/event_log/generated/schemas.ts
+++ b/x-pack/plugins/event_log/generated/schemas.ts
@@ -41,6 +41,7 @@ export const EventSchema = schema.maybe(
 start: ecsDate(),
 duration: ecsNumber(),
 end: ecsDate(),
+ outcome: ecsString(),
 })
 ),
 error: schema.maybe(
diff --git a/x-pack/plugins/event_log/scripts/mappings.js b/x-pack/plugins/event_log/scripts/mappings.js
index de3c9d631fbc..8cc2c74b60e5 100644
--- a/x-pack/plugins/event_log/scripts/mappings.js
+++ b/x-pack/plugins/event_log/scripts/mappings.js
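Review bot: The guard `event.event = event.event || {};` is repeated on both the failure path and the success path in task_runner.ts, directly before each outcome assignment. The updated snapshots in task_runner.test.ts show `event.action` already present on every logged event, which suggests `event.event` exists by that point and the guard is there mainly to satisfy the optional type. Doing the guard once where the event object is built (outside this hunk), or writing `event.event = { ...event.event, outcome: 'failure' };` on each path, would leave one statement per path and make it harder for a later logging path to forget the outcome. The enclosing function begins and ends outside the hunk.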
@@ -53,6 +53,7 @@ exports.EcsEventLogProperties = [
 'event.start',
 'event.duration',
 'event.end',
+ 'event.outcome', // optional, but one of failure, success, unknown
 'error.message',
 'user.name',
 'kibana.server_uuid',
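Review bot: The trailing comment on `'event.outcome'` is the only place the permitted values are recorded, and it lists `unknown`, yet nothing in this commit emits that value: the unexpected-result branch in action_executor.ts records `'failure'`. If that mapping is intentional, the comment should say so, for example `// optional; success or failure today, unknown reserved for undetermined results`; otherwise that branch looks like the natural place for `'unknown'`, so that a query on `event.outcome: failure` returns only confirmed failures. The generated schema accepts any string for this field, so the comment documents the value set but does not enforce it. The EcsEventLogProperties array starts and ends outside the hunk.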