Madison Caldwell
5b0e283bcc
[Security Solution][Detections][Threshold Rules] Threshold multiple aggregations with cardinality (#90826)
* Remove unnecessary spreads
* Layout, round 1
* Revert "Layout, round 1"
This reverts commit b73b34acd5.
* Make threshold field an array
* Add cardinality fields
* Fix validation schema
* Query for multi-aggs
* Finish multi-agg aggregation
* Translate to multi-agg buckets
* Fix existing tests and add new test skeletons
* clean up
* Fix types
* Fix threshold_result data structure
* previous signals filter
* Fix previous signal detection
* Finish previous signal parsing
* tying up loose ends
* Fix timeline view for multi-agg threshold signals
* Fix build_bulk_body tests
* test fixes
* Add test for threshold bucket filters
* Address comments
* Fixing schema errors
* Remove unnecessary comment
* Fix tests
* Fix types
* linting
* linting
* Fixes
* Handle pre-7.12 threshold format in timeline view
* missing null check
* adding in follow-up pr
* Handle pre-7.12 filters
* unnecessary change
* Revert "unnecessary change"
This reverts commit 3edc7f2f2a.
* linting
* Fix rule schemas
* Fix tests
Co-authored-by: Marshall Main <marshall.main@elastic.co>