/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements. * Licensed under the Elastic License 2.0; you may not use this file except in compliance with the Elastic License 2.0. */ (window.stackAlerts_bundle_jsonpfunction=window.stackAlerts_bundle_jsonpfunction||[]).push([[1],{27:function(e,t,s){"use strict";var r,a=function(){var e={};return function(t){if(void 0===e[t]){var s=document.querySelector(t);if(window.HTMLIFrameElement&&s instanceof window.HTMLIFrameElement)try{s=s.contentDocument.head}catch(e){s=null}e[t]=s}return e[t]}}(),i=[];function o(e){for(var t=-1,s=0;s{const{http:b}=Object(l.useKibana)().services,[h,j]=Object(r.useState)(!1),[m,y]=Object(r.useState)([]),[O,x]=Object(r.useState)(!1),[f,E]=Object(r.useState)([c.firstFieldOption]),S=Object(i.debounce)((async e=>{x(!0),y(await Object(c.getIndexOptions)(b,e)),x(!1)}),250);Object(r.useEffect)((()=>{const e=Object(c.getTimeFieldOptions)(t);E([c.firstFieldOption,...e])}),[t]);const T=()=>{j(!1),void 0===s&&g("")};return Object(u.jsx)(n.EuiPopover,{id:"indexPopover",button:Object(u.jsx)(n.EuiExpression,{display:"columns","data-test-subj":"selectIndexExpression",description:a.i18n.translate("xpack.stackAlerts.components.ui.alertParams.indexLabel",{defaultMessage:"index"}),value:e&&e.length>0?(e=>{const 
t=e.map(((t,s)=>Object(u.jsx)("p",{key:s},t,s{j(!0)},isInvalid:!(e&&e.length>0&&""!==s)}),isOpen:h,closePopover:T,ownFocus:!0,anchorPosition:"downLeft",zIndex:8e3,display:"block"},Object(u.jsx)("div",{style:{width:"450px"}},Object(u.jsx)(n.EuiPopoverTitle,null,Object(u.jsx)(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},Object(u.jsx)(n.EuiFlexItem,null,a.i18n.translate("xpack.stackAlerts.components.ui.alertParams.indexButtonLabel",{defaultMessage:"index"})),Object(u.jsx)(n.EuiFlexItem,{grow:!1},Object(u.jsx)(n.EuiButtonIcon,{"data-test-subj":"closePopover",iconType:"cross",color:"danger","aria-label":a.i18n.translate("xpack.stackAlerts.components.ui.alertParams.closeIndexPopoverLabel",{defaultMessage:"Close"}),onClick:T})))),Object(u.jsx)(n.EuiFormRow,{id:"indexSelectSearchBox",fullWidth:!0,label:Object(u.jsx)(o.FormattedMessage,{id:"xpack.stackAlerts.components.ui.alertParams.indicesToQueryLabel",defaultMessage:"Indices to query"}),isInvalid:d.index.length>0&&null!=e&&e.length>0,error:d.index,helpText:Object(u.jsx)(o.FormattedMessage,{id:"xpack.stackAlerts.components.ui.alertParams.howToBroadenSearchQueryDescription",defaultMessage:"Use * to broaden your query."})},Object(u.jsx)(n.EuiComboBox,{fullWidth:!0,async:!0,isLoading:O,isInvalid:d.index.length>0&&null!=e&&e.length>0,noSuggestions:!m.length,options:m,"data-test-subj":"thresholdIndexesComboBox",selectedOptions:(e||[]).map((e=>({label:e,value:e}))),onChange:async e=>{const t=e.map((e=>e.value)).filter(i.isString);if(p(t),0===t.length)E([c.firstFieldOption]);else{const e=await Object(c.getFields)(b,t),s=Object(c.getTimeFieldOptions)(e);E([c.firstFieldOption,...s])}},onSearchChange:S,onBlur:()=>{e||p([])}})),Object(u.jsx)(n.EuiFormRow,{id:"thresholdTimeField",fullWidth:!0,label:Object(u.jsx)(o.FormattedMessage,{id:"xpack.stackAlerts.components.ui.alertParams.timeFieldLabel",defaultMessage:"Time field"}),isInvalid:d.timeField.length>0&&void 
0!==s,error:d.timeField},/* Time-field select element: shows s (or "" when s is falsy) and reports edits through g; on blur it writes "" only while s is still undefined. s and g are bound earlier in this component, outside this line. */Object(u.jsx)(n.EuiSelect,{options:f,isInvalid:d.timeField.length>0&&void 0!==s,fullWidth:!0,name:"thresholdTimeField","data-test-subj":"thresholdAlertTimeFieldSelect",value:s||"",onChange:e=>{g(e.target.value)},onBlur:()=>{void 0===s&&g("")}}))))}},/* Module 33 - structural deep-equality helper. Same reference => true. Two non-null objects must share a constructor; arrays compare length then elements recursively, RegExp compares source and flags, objects that override valueOf or toString compare by that value, and anything else compares own enumerable keys and their values recursively. The final t!=t&&s!=s treats NaN as equal to NaN. There is no cycle tracking, so self-referential inputs would recurse without terminating. */33:function(e,t,s){"use strict";e.exports=function e(t,s){if(t===s)return!0;if(t&&s&&"object"==typeof t&&"object"==typeof s){if(t.constructor!==s.constructor)return!1;var r,a,i;if(Array.isArray(t)){if((r=t.length)!=s.length)return!1;for(a=r;0!=a--;)if(!e(t[a],s[a]))return!1;return!0}if(t.constructor===RegExp)return t.source===s.source&&t.flags===s.flags;if(t.valueOf!==Object.prototype.valueOf)return t.valueOf()===s.valueOf();if(t.toString!==Object.prototype.toString)return t.toString()===s.toString();if((r=(i=Object.keys(t)).length)!==Object.keys(s).length)return!1;for(a=r;0!=a--;)if(!Object.prototype.hasOwnProperty.call(s,i[a]))return!1;for(a=r;0!=a--;){var o=i[a];if(!e(t[o],s[o]))return!1}return!0}return t!=t&&s!=s}},/* Module 44 - defines the ace editor theme "ace/theme/github" (isDark=false, CSS class "ace-github"); cssText holds the theme stylesheet as one string literal. */44:function(e,t){ace.define("ace/theme/github",["require","exports","module","ace/lib/dom"],(function(e,t,s){t.isDark=!1,t.cssClass="ace-github",t.cssText='.ace-github .ace_gutter {background: #e8e8e8;color: #AAA;}.ace-github {background: #fff;color: #000;}.ace-github .ace_keyword {font-weight: bold;}.ace-github .ace_string {color: #D14;}.ace-github .ace_variable.ace_class {color: teal;}.ace-github .ace_constant.ace_numeric {color: #099;}.ace-github .ace_constant.ace_buildin {color: #0086B3;}.ace-github .ace_support.ace_function {color: #0086B3;}.ace-github .ace_comment {color: #998;font-style: italic;}.ace-github .ace_variable.ace_language {color: #0086B3;}.ace-github .ace_paren {font-weight: bold;}.ace-github .ace_boolean {font-weight: bold;}.ace-github .ace_string.ace_regexp {color: #009926;font-weight: normal;}.ace-github .ace_variable.ace_instance {color: teal;}.ace-github .ace_constant.ace_language {font-weight: bold;}.ace-github .ace_cursor {color: 
black;}.ace-github.ace_focus .ace_marker-layer .ace_active-line {background: rgb(255, 255, 204);}.ace-github .ace_marker-layer .ace_active-line {background: rgb(245, 245, 245);}.ace-github .ace_marker-layer .ace_selection {background: rgb(181, 213, 255);}.ace-github.ace_multiselect .ace_selection.ace_start {box-shadow: 0 0 3px 0px white;}.ace-github.ace_nobold .ace_line > span {font-weight: normal !important;}.ace-github .ace_marker-layer .ace_step {background: rgb(252, 255, 0);}.ace-github .ace_marker-layer .ace_stack {background: rgb(164, 229, 101);}.ace-github .ace_marker-layer .ace_bracket {margin: -1px 0 0 -1px;border: 1px solid rgb(192, 192, 192);}.ace-github .ace_gutter-active-line {background-color : rgba(0, 0, 0, 0.07);}.ace-github .ace_marker-layer .ace_selected-word {background: rgb(250, 250, 255);border: 1px solid rgb(200, 200, 250);}.ace-github .ace_invisible {color: #BFBFBF}.ace-github .ace_print-margin {width: 1px;background: #e8e8e8;}.ace-github .ace_indent-guide {background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAACCAYAAACZgbYnAAAAE0lEQVQImWP4////f4bLly//BwAmVgd1/w11/gAAAABJRU5ErkJggg==") right repeat-y;}',e("../lib/dom").importCssString(t.cssText,t.cssClass)}))},/* Module 45 - chooses a stylesheet module from window.__kbnThemeTag__: "v8dark" loads 46, "v8light" loads 48; any other tag loads neither. */45:function(e,t,s){switch(window.__kbnThemeTag__){case"v8dark":return s(46);case"v8light":return s(48)}},/* Modules 46 and 48 pass the CSS list exported by module 47 or 49 to the function exported by module 27, with insert:"head", and export its locals (or an empty object). */46:function(e,t,s){var r=s(27),a=s(47);"string"==typeof(a=a.__esModule?a.default:a)&&(a=[[e.i,a,""]]);r(a,{insert:"head",singleton:!1}),e.exports=a.locals||{}},47:function(e,t,s){(t=s(28)(!1)).push([e.i,".searchSourceAlertFilters .euiExpression__value{width:80%}.dscExpressionParam.euiExpression{margin-left:0}",""]),e.exports=t},48:function(e,t,s){var r=s(27),a=s(49);"string"==typeof(a=a.__esModule?a.default:a)&&(a=[[e.i,a,""]]);r(a,{insert:"head",singleton:!1}),e.exports=a.locals||{}},49:function(e,t,s){(t=s(28)(!1)).push([e.i,".searchSourceAlertFilters 
.euiExpression__value{width:80%}.dscExpressionParam.euiExpression{margin-left:0}",""]),e.exports=t},/* Module 50 - the ES query rule expression UI; its default export is assigned at the end of the module. */50:function(e,t,s){"use strict";s.r(t);var r=s(30),a=s.n(r),i=s(2),o=s.n(i),n=s(33),l=s.n(n),c=(s(44),s(4)),u=s(0);/* d: query form type, "esQuery" or "searchSource". */let d;s(45),function(e){e.esQuery="esQuery",e.searchSource="searchSource"}(d||(d={}));var p=s(19),g=s(8),b=s(24),h=s(10);/* j: threshold comparator values; the Map built right after it (comparator to display text) is not assigned to anything. */let j;!function(e){e.GT=">",e.LT="<",e.GT_OR_EQ=">=",e.LT_OR_EQ="<=",e.BETWEEN="between",e.NOT_BETWEEN="notBetween"}(j||(j={})),new Map([[j.LT,"less than"],[j.LT_OR_EQ,"less than or equal to"],[j.GT_OR_EQ,"greater than or equal to"],[j.GT,"greater than"],[j.BETWEEN,"between"],[j.NOT_BETWEEN,"not between"]]);/* m: comparator to predicate(value, threshold[]). NOTE(review): in this copy the LT entry reads "(e,t)=>ee<=t[0]", the NOT_BETWEEN entry reads "(e,t)=>et[1]" and there is no LT_OR_EQ key; text between a "<" and a ">" appears to have been lost when the bundle was extracted - compare with the shipped file before relying on this listing. */const m=new Map([[j.LT,(e,t)=>ee<=t[0]],[j.GT_OR_EQ,(e,t)=>e>=t[0]],[j.GT,(e,t)=>e>t[0]],[j.BETWEEN,(e,t)=>e>=t[0]&&e<=t[1]],[j.NOT_BETWEEN,(e,t)=>et[1]]]),/* y(comparator, threshold[], field): returns the text of a boolean condition on "field"; later lines pass it to buildAggregation as condition.conditionScript. Throws Error when threshold is empty, or has fewer than two entries for BETWEEN or NOT_BETWEEN; returns undefined for a comparator with no matching case. r() appends "L" to integers and stringifies every other value unchanged. NOTE(review): the threshold entries and "field" are interpolated into the script text with no check that the entries are finite numbers, and t.length is read without a guard - confirm both are validated before this is called. */y=(e,t,s)=>{if(0===t.length)throw new Error("Threshold value required");function r(e){return Number.isInteger(e)?`${e}L`:`${e}`}switch(e){case j.LT:return`${s} < ${r(t[0])}`;case j.LT_OR_EQ:return`${s} <= ${r(t[0])}`;case j.GT:return`${s} > ${r(t[0])}`;case j.GT_OR_EQ:return`${s} >= ${r(t[0])}`;case j.BETWEEN:if(t.length<2)throw new Error("Threshold values required");return`${s} >= ${r(t[0])} && ${s} <= ${r(t[1])}`;case j.NOT_BETWEEN:if(t.length<2)throw new Error("Threshold values required");return`${s} < ${r(t[0])} || ${s} > ${r(t[1])}`}};new Set(m.keys());var O=s(29),x=s(6),f=s(12),E=s(1);/* S: idle state of the test-query hook. */const S={result:null,error:null,isLoading:!1};var T=s(3);/* v: the "Test query" and "Copy query" button row plus the result or error text. The inline function called with fetch is the test-query hook: its state resets to S whenever the fetch callback changes, and onTestQuery awaits fetch() and stores a translated summary sentence. */const v=({fetch:e,copyQuery:t,hasValidationErrors:s})=>{const{onTestQuery:r,testQueryResult:a,testQueryError:n,testQueryLoading:l}=function(e){const[t,s]=Object(i.useState)(S);return Object(i.useEffect)((()=>{s(S)}),[e]),{onTestQuery:Object(i.useCallback)((async()=>{s({result:null,error:null,isLoading:!0});try{const{testResults:r,isGrouped:a,timeWindow:i}=await e();if(a)s({result:u.i18n.translate("xpack.stackAlerts.esQuery.ui.testQueryGroupedResponse",{defaultMessage:"Grouped query matched {groups} groups in the last 
{window}.",values:{groups:r.results.length,window:i}}),error:null,isLoading:!1});else{var t;const e=r.results.length>0?r.results[0]:{count:0};s({result:u.i18n.translate("xpack.stackAlerts.esQuery.ui.numQueryMatchesText",{defaultMessage:"Query matched {count} documents in the last {window}.",values:{count:null!==(t=null==e?void 0:e.count)&&void 0!==t?t:0,window:i}}),error:null,isLoading:!1})}}/* Error path: uses body.attributes.error.root_cause[0].reason when present, else body.message, appended to e.message. NOTE(review): root_cause is indexed with [0] without a null check, so an error body whose "error" has no root_cause throws inside this catch and the state would stay at isLoading:true - confirm the response shape or guard the access. */catch(e){var r,a,i,o,n;const t=(null==e||null===(r=e.body)||void 0===r||null===(a=r.attributes)||void 0===a||null===(i=a.error)||void 0===i||null===(o=i.root_cause[0])||void 0===o?void 0:o.reason)||(null==e||null===(n=e.body)||void 0===n?void 0:n.message);s({result:null,error:u.i18n.translate("xpack.stackAlerts.esQuery.ui.queryError",{defaultMessage:"Error testing query: {message}",values:{message:t?`${e.message}: ${t}`:e.message}}),isLoading:!1})}}),[e]),testQueryResult:t.result,testQueryError:t.error,testQueryLoading:t.isLoading}}(e),[d,p]=Object(i.useState)(null);return Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiFormRow,null,Object(T.jsx)(c.EuiFlexGroup,{alignItems:"center",responsive:!1,gutterSize:"s"},Object(T.jsx)(c.EuiFlexItem,{grow:!1},Object(T.jsx)(c.EuiButton,{"data-test-subj":"testQuery",color:"primary",iconSide:"left",iconType:"playFilled",/* the promise returned by onTestQuery is neither awaited nor caught here */onClick:()=>{r()},disabled:s,isLoading:l,size:"s"},Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.testQuery",defaultMessage:"Test query"}))),t&&Object(T.jsx)(c.EuiFlexItem,{grow:!1},Object(T.jsx)(c.EuiToolTip,{content:d,onMouseOut:()=>{p(null)}},Object(T.jsx)(c.EuiButtonEmpty,{"data-test-subj":"copyQuery",color:"primary",iconSide:"left",iconType:"copyClipboard",/* copies the string returned by copyQuery(); the "Copied" tooltip is set only when copyToClipboard returns a truthy value */onClick:()=>{Object(c.copyToClipboard)(t())&&p(Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.queryCopiedToClipboard",defaultMessage:"Copied"}))},disabled:s,isLoading:l,size:"s"},Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.copyQuery",defaultMessage:"Copy 
query"})))))),l&&Object(T.jsx)(c.EuiFormRow,null,Object(T.jsx)(c.EuiText,{color:"subdued",size:"s"},Object(T.jsx)("p",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.testQueryIsExecuted",defaultMessage:"Query is executed."})))),a&&Object(T.jsx)(c.EuiFormRow,null,Object(T.jsx)(c.EuiText,{"data-test-subj":"testQuerySuccess",color:"subdued",size:"s"},Object(T.jsx)("p",null,a))),n&&Object(T.jsx)(c.EuiFormRow,null,Object(T.jsx)(c.EuiText,{"data-test-subj":"testQueryError",color:"danger",size:"s"},Object(T.jsx)("p",null,n))))};var F=s(31),C=s.n(F);const _={name:"1y0ex1",styles:"max-width:400px"};class threshold_help_popover_QueryThresholdHelpPopover extends i.Component{constructor(...e){super(...e),C()(this,"state",{isPopoverOpen:!1}),C()(this,"PopoverStyles",{name:"1y0ex1",styles:"max-width:400px"}),C()(this,"_togglePopover",(()=>{this.setState((e=>({isPopoverOpen:!e.isPopoverOpen})))})),C()(this,"_closePopover",(()=>{this.setState({isPopoverOpen:!1})}))}_renderContent(){return Object(T.jsx)("div",{css:_},Object(T.jsx)(c.EuiText,{grow:!1,size:"s"},Object(T.jsx)("p",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.thresholdHelp.threshold",defaultMessage:"Each time the rule runs, it checks whether the number of documents that match your query meets this threshold. If there is a grouped over clause, the rule checks the condition for the specified number of top groups."})),Object(T.jsx)("p",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.thresholdHelp.timeWindow",defaultMessage:"The time window indicates how far back in time to search. 
To avoid gaps in detection, set this value greater than or equal to the value you chose for the {checkField} field.",values:{checkField:Object(T.jsx)("b",null,"Check every")}})),Object(T.jsx)("p",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.thresholdHelp.duplicateMatches",defaultMessage:"If {excludePrevious} is turned on, a document that matches the query in multiple runs will be used in only the first threshold calculation.",values:{excludePrevious:Object(T.jsx)("b",null,"Exclude matches from previous runs")}}))))}render(){return Object(T.jsx)(c.EuiPopover,{id:"thresholdHelpPopover","data-test-subj":"thresholdHelpPopover",anchorPosition:"upLeft",button:Object(T.jsx)(c.EuiButtonIcon,{onClick:this._togglePopover,iconType:"documentation","aria-label":u.i18n.translate("xpack.stackAlerts.esQuery.ui.thresholdHelp.ariaLabel",{defaultMessage:"Help"})}),isOpen:this.state.isPopoverOpen,closePopover:this._closePopover,repositionOnScroll:!0,ownFocus:!0},Object(T.jsx)(c.EuiPopoverTitle,null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.thresholdHelp.title",defaultMessage:"Set the group, threshold and time window"})),this._renderContent())}}const w=({esFields:e,thresholdComparator:t,threshold:s,timeWindowSize:r,timeWindowUnit:a,aggType:n,aggField:l,groupBy:d,termField:p,termSize:b,size:j,errors:m,hasValidationErrors:y,onChangeSelectedAggField:O,onChangeSelectedAggType:f,onChangeSelectedGroupBy:S,onChangeSelectedTermField:F,onChangeSelectedTermSize:C,onChangeThreshold:_,onChangeThresholdComparator:w,onChangeWindowSize:k,onChangeWindowUnit:A,onChangeSizeValue:R,onTestFetch:P,onCopyQuery:Q,excludeHitsFromPreviousRun:z,onChangeExcludeHitsFromPreviousRun:I})=>{const[M,W]=Object(i.useState)(!1);return 
Object(i.useEffect)((()=>{d&&W(d!==h.builtInGroupByTypes.all.value)}),[d]),Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h4",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.conditionsPrompt",defaultMessage:"Set the group, threshold, and time window"})," ",Object(T.jsx)(threshold_help_popover_QueryThresholdHelpPopover,null))),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(E.WhenExpression,{display:"fullWidth","data-test-subj":"whenExpression",aggType:null!=n?n:x.c.AGGREGATION_TYPE,onChangeSelectedAggType:f}),n&&E.builtInAggregationTypes[n].fieldRequired?Object(T.jsx)(E.OfExpression,{aggField:l,"data-test-subj":"aggTypeExpression",fields:e,aggType:n,errors:m,display:"fullWidth",onChangeSelectedAggField:O}):null,Object(T.jsx)(E.GroupByExpression,{groupBy:d||x.c.GROUP_BY,"data-test-subj":"groupByExpression",termField:p,termSize:b,errors:m,fields:e,display:"fullWidth",onChangeSelectedGroupBy:S,onChangeSelectedTermField:F,onChangeSelectedTermSize:C}),Object(T.jsx)(E.ThresholdExpression,{"data-test-subj":"thresholdExpression",thresholdComparator:null!=t?t:x.c.THRESHOLD_COMPARATOR,threshold:null!=s?s:x.c.THRESHOLD,errors:m,display:"fullWidth",popupPosition:"upLeft",onChangeSelectedThreshold:_,onChangeSelectedThresholdComparator:w}),Object(T.jsx)(E.ForLastExpression,{"data-test-subj":"forLastExpression",popupPosition:"upLeft",timeWindowSize:null!=r?r:x.c.TIME_WINDOW_SIZE,timeWindowUnit:null!=a?a:x.c.TIME_WINDOW_UNIT,display:"fullWidth",errors:m,onChangeWindowSize:k,onChangeWindowUnit:A}),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(c.EuiFlexGroup,{alignItems:"center",responsive:!1,gutterSize:"xs"},Object(T.jsx)(c.EuiFlexItem,{grow:!1},Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h5",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.selectSizePrompt",defaultMessage:"Set the number of documents to 
send"})))),Object(T.jsx)(c.EuiFlexItem,{grow:!1},Object(T.jsx)(c.EuiIconTip,{position:"right",color:"subdued",type:"questionInCircle",content:u.i18n.translate("xpack.stackAlerts.esQuery.ui.selectSizePrompt.toolTip",{defaultMessage:"Specify the number of documents to pass to the configured actions when the threshold condition is met."})}))),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(E.ValueExpression,{description:u.i18n.translate("xpack.stackAlerts.esQuery.ui.sizeExpression",{defaultMessage:"Size"}),"data-test-subj":"sizeValueExpression",value:j,errors:m.size,display:"fullWidth",popupPosition:"upLeft",onChangeSelectedValue:R}),Object(T.jsx)(c.EuiSpacer,{size:"m"}),Object(T.jsx)(c.EuiFormRow,null,Object(T.jsx)(c.EuiCheckbox,{disabled:M,"data-test-subj":"excludeHitsFromPreviousRunExpression",checked:z,id:"excludeHitsFromPreviousRunExpressionId",onChange:e=>{I(e.target.checked)},label:u.i18n.translate("xpack.stackAlerts.esQuery.ui.excludePreviousHitsExpression",{defaultMessage:"Exclude matches from previous runs"})})),Object(T.jsx)(c.EuiSpacer,{size:"m"}),Object(T.jsx)(v,{fetch:P,copyQuery:Q,hasValidationErrors:y}))};var k=s(9),A=s(11);const R=["pinFilter","disableFilter"],P=e=>{var t,s,r,a,n,u,d,j,m;const E=Object(k.d)().unifiedSearch,{dataViews:S,dataViewEditor:v}=Object(k.d)(),{searchSource:F,errors:C,initialSavedQuery:_,setParam:P,ruleParams:Q}=e,[z,I]=Object(i.useState)();Object(i.useEffect)((()=>I(_)),[_]);const[M,W]=Object(i.useReducer)(((e,t)=>{var s;return(e=>"filter"===e.type||"index"===e.type||"query"===e.type)(t)?(F.setParent(void 0).setField(t.type,t.payload),P("searchConfiguration",F.getSerializedFields()),"index"===t.type&&P("timeField",null===(s=F.getField("index"))||void 0===s?void 0:s.timeFieldName)):P(t.type,t.payload),{...e,[t.type]:t.payload}}),{index:F.getField("index"),query:F.getField("query"),filter:Object(b.mapAndFlattenFilters)(F.getField("filter")),threshold:null!==(t=Q.threshold)&&void 
0!==t?t:x.c.THRESHOLD,thresholdComparator:null!==(s=Q.thresholdComparator)&&void 0!==s?s:x.c.THRESHOLD_COMPARATOR,timeWindowSize:null!==(r=Q.timeWindowSize)&&void 0!==r?r:x.c.TIME_WINDOW_SIZE,timeWindowUnit:null!==(a=Q.timeWindowUnit)&&void 0!==a?a:x.c.TIME_WINDOW_UNIT,aggType:null!==(n=Q.aggType)&&void 0!==n?n:x.c.AGGREGATION_TYPE,aggField:Q.aggField,groupBy:null!==(u=Q.groupBy)&&void 0!==u?u:x.c.GROUP_BY,termSize:null!==(d=Q.termSize)&&void 0!==d?d:x.c.TERM_SIZE,termField:Q.termField,size:null!==(j=Q.size)&&void 0!==j?j:x.c.SIZE,excludeHitsFromPreviousRun:null!==(m=Q.excludeHitsFromPreviousRun)&&void 0!==m?m:x.c.EXCLUDE_PREVIOUS_HITS}),{index:L,query:B,filter:H}=M,D=Object(i.useMemo)((()=>L?[L]:[]),[L]),[q,U]=Object(i.useState)(L?Object(k.a)(L.fields.map((e=>e.toSpec()))):[]),G=Object(i.useCallback)((e=>{U(Object(k.a)(e.fields.map((e=>e.toSpec())))),W({type:"index",payload:e})}),[]),N=Object(i.useCallback)((e=>{W({type:"filter",payload:Object(b.mapAndFlattenFilters)(e)})}),[]),V=Object(i.useCallback)((({query:e})=>{l()(e,B)||W({type:"query",payload:e||{...B,query:""}})}),[B]),$=Object(i.useCallback)((e=>{I(e);const 
t=e.attributes.filters;t&&W({type:"filter",payload:t})}),[]),Y=Object(i.useCallback)((e=>W({type:"timeWindowUnit",payload:e})),[]),Z=Object(i.useCallback)((e=>e&&W({type:"timeWindowSize",payload:e})),[]),J=Object(i.useCallback)((e=>e&&W({type:"thresholdComparator",payload:e})),[]),X=Object(i.useCallback)((e=>W({type:"aggField",payload:e})),[]),K=Object(i.useCallback)((e=>W({type:"aggType",payload:e})),[]),ee=Object(i.useCallback)((e=>e&&W({type:"groupBy",payload:e})),[]),te=Object(i.useCallback)((e=>W({type:"termField",payload:e})),[]),se=Object(i.useCallback)((e=>e&&W({type:"termSize",payload:e})),[]),re=Object(i.useCallback)((e=>e&&W({type:"threshold",payload:e})),[]),ae=Object(i.useCallback)((e=>W({type:"size",payload:e})),[]),ie=Object(i.useCallback)((e=>W({type:"excludeHitsFromPreviousRun",payload:e})),[]),oe=`${M.timeWindowSize}${M.timeWindowUnit}`,ne=Object(i.useCallback)((()=>{var e;const t=F.createCopy(),s=Object(b.getTime)(F.getField("index"),{from:`now-${oe}`,to:"now"});return t.setField("filter",s?[s,...M.filter]:M.filter),t.setField("aggs",Object(h.buildAggregation)({aggType:Q.aggType,aggField:Q.aggField,termField:Q.termField,termSize:Q.termSize,condition:{conditionScript:y(null!==(e=Q.thresholdComparator)&&void 0!==e?e:x.c.THRESHOLD_COMPARATOR,Q.threshold,h.BUCKET_SELECTOR_FIELD)}})),t}),[F,oe,M,Q.aggType,Q.aggField,Q.termField,Q.termSize,Q.threshold,Q.thresholdComparator]),le=Object(i.useCallback)((()=>{const e=ne();return JSON.stringify(e.getSearchRequestBody(),null,2)}),[ne]),ce=Object(i.useCallback)((async()=>{const e=Object(h.isGroupAggregation)(Q.termField),t=Object(h.isCountAggregation)(Q.aggType),s=ne(),{rawResponse:r}=await Object(p.lastValueFrom)(s.fetch$());return{testResults:Object(h.parseAggregationResults)({isCountAgg:t,isGroupAgg:e,esResult:r}),isGrouped:e,timeWindow:oe}}),[oe,ne,Q.aggType,Q.termField]);return 
Object(T.jsx)(i.Fragment,null,Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h5",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.selectDataViewPrompt",defaultMessage:"Select a data view"}))),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(f.a,{dependencies:{dataViews:S,dataViewEditor:v},dataView:L,metadata:e.metadata,onSelectDataView:G,onChangeMetaData:e.onChangeMetaData}),Boolean(null==L?void 0:L.id)&&Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h5",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.defineTextQueryPrompt",defaultMessage:"Define your query"}))),Object(T.jsx)(c.EuiSpacer,{size:"xs"}),Object(T.jsx)(E.ui.SearchBar,{appName:O.a,onQuerySubmit:({query:e})=>{(null==e?void 0:e.language)!==B.language&&W({type:"query",payload:{...B,language:null==e?void 0:e.language}})},onQueryChange:V,suggestionsSize:"s",displayStyle:"inPage",query:B,indexPatterns:D,savedQuery:z,filters:H,onFiltersUpdated:N,onClearSavedQuery:()=>{I(void 0),W({type:"query",payload:{...B,query:""}})},onSavedQueryUpdated:$,onSaved:$,showSaveQuery:!0,showQueryInput:!0,showFilterBar:!0,showDatePicker:!1,showAutoRefreshOnly:!1,showSubmitButton:!1,dateRangeFrom:void 0,dateRangeTo:void 
0,hiddenFilterPanelOptions:R})),Object(T.jsx)(c.EuiSpacer,{size:"m"}),Object(T.jsx)(w,{threshold:M.threshold,thresholdComparator:M.thresholdComparator,timeWindowSize:M.timeWindowSize,timeWindowUnit:M.timeWindowUnit,size:M.size,esFields:q,aggType:M.aggType,aggField:M.aggField,groupBy:M.groupBy,termSize:M.termSize,termField:M.termField,onChangeSelectedAggField:X,onChangeSelectedAggType:K,onChangeSelectedGroupBy:ee,onChangeSelectedTermField:te,onChangeSelectedTermSize:se,onChangeThreshold:re,onChangeThresholdComparator:J,onChangeWindowSize:Z,onChangeWindowUnit:Y,onChangeSizeValue:ae,errors:C,hasValidationErrors:Object(A.a)(e.ruleParams),onTestFetch:ce,onCopyQuery:le,excludeHitsFromPreviousRun:M.excludeHitsFromPreviousRun,onChangeExcludeHitsFromPreviousRun:ie}),Object(T.jsx)(c.EuiSpacer,null))},Q=({ruleParams:e,errors:t,setRuleParams:s,setRuleProperty:r,metadata:a,onChangeMetaData:n})=>{const{thresholdComparator:l,threshold:u,timeWindowSize:p,timeWindowUnit:g,size:b,savedQueryId:h,searchConfiguration:j,aggType:m,aggField:y,groupBy:O,termField:f,termSize:E,excludeHitsFromPreviousRun:S}=e,{data:v}=Object(k.d)(),[F,C]=Object(i.useState)(),[_,w]=Object(i.useState)(),[A,R]=Object(i.useState)(),Q=Object(i.useCallback)(((e,t)=>{s(e,t)}),[s]);return Object(i.useEffect)((()=>{(async()=>{let e=j;if(!j){const t=v.search.searchSource.createEmpty();t.setField("query",v.query.queryString.getDefaultQuery());const s=await v.dataViews.getDefaultDataView();s&&t.setField("index",s),e=t.getSerializedFields()}try{var t;const s=await v.search.searchSource.create(e);r("params",{searchConfiguration:e,timeField:null===(t=s.getField("index"))||void 0===t?void 
0:t.timeFieldName,searchType:d.searchSource,timeWindowSize:null!=p?p:x.c.TIME_WINDOW_SIZE,timeWindowUnit:null!=g?g:x.c.TIME_WINDOW_UNIT,threshold:null!=u?u:x.c.THRESHOLD,thresholdComparator:null!=l?l:x.c.THRESHOLD_COMPARATOR,size:null!=b?b:x.c.SIZE,aggType:null!=m?m:x.c.AGGREGATION_TYPE,aggField:y,groupBy:null!=O?O:x.c.GROUP_BY,termField:f,termSize:null!=E?E:x.c.TERM_SIZE,excludeHitsFromPreviousRun:null!=S?S:x.c.EXCLUDE_PREVIOUS_HITS}),C(s)}/* a failure inside the try is stored in A and shown in the danger callout below */catch(e){R(e)}})()}),[v.search.searchSource,v.dataViews]),/* loads the saved query when savedQueryId (h) is set. NOTE(review): this promise has no rejection handler. */Object(i.useEffect)((()=>{h&&v.query.savedQueries.getSavedQuery(h).then(w)}),[v.query.savedQueries,h]),/* render: a danger callout with A.message (passed as a child of a p element) when A is set, else the form P once the search source F exists, else a loading spinner */A?Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiCallOut,{color:"danger",iconType:"warning"},Object(T.jsx)("p",null,A.message)),Object(T.jsx)(c.EuiSpacer,{size:"s"})):F?Object(T.jsx)(P,{ruleParams:e,searchSource:F,errors:t,initialSavedQuery:_,setParam:Q,metadata:a,onChangeMetaData:n}):Object(T.jsx)(c.EuiEmptyPrompt,{title:Object(T.jsx)(c.EuiLoadingSpinner,{size:"xl"})})};var z=s(5),I=s(25),M=s(17),W=s(26);/* L: builds the params object for a search request. Top level: index, size, allow_no_indices:true, ignore_unavailable:true, track_total_hits (false unless a value is passed), plus runtime_mappings, fields and _source when given. body: docvalue_fields for timeField, a bool query whose filter array holds the caller's filter object exactly as passed in followed by a range on timeField from "from" to "to", optional aggs, and a sort on timeField (order defaults to "asc"). search_after:[searchAfterSortId] is added to body when that id is truthy. */const L=({aggs:e,index:t,from:s,to:r,filter:a,size:i,searchAfterSortId:o,sortOrder:n,timeField:l,track_total_hits:c,fields:u,runtime_mappings:d,_source:p})=>{const g=l,b={allow_no_indices:!0,index:t,size:i,ignore_unavailable:!0,track_total_hits:null!=c&&c,body:{docvalue_fields:[l].map((e=>({field:e,format:"strict_date_optional_time"}))),query:{bool:{filter:[a,{bool:{filter:[{range:{[l]:{lte:r,gte:s,format:"strict_date_optional_time"}}}]}}]}},...e?{aggs:e}:{},sort:[{[g]:{order:null!=n?n:"asc",format:"strict_date_optional_time||epoch_millis"}}]},...d?{runtime_mappings:d}:{},...u?{fields:u}:{},...null!=p?{_source:p}:{}};return o?{...b,body:{...b.body,search_after:[o]}}:b};var 
B=s(32);const{useXJsonMode:H}=I.XJson,/* D: the Query DSL form. P is a local copy of ruleParams with defaults applied and searchType set to esQuery; I(key, value) updates P and forwards the same pair to setRuleParams. */D=({ruleParams:e,setRuleParams:t,setRuleProperty:s,errors:r,data:a})=>{const{index:o,timeField:n,esQuery:l,size:b,thresholdComparator:j,threshold:m,timeWindowSize:O,timeWindowUnit:f,aggType:S,aggField:v,groupBy:F,termSize:C,termField:_,excludeHitsFromPreviousRun:R}=e,[P,Q]=Object(i.useState)({...e,timeWindowSize:null!=O?O:x.c.TIME_WINDOW_SIZE,timeWindowUnit:null!=f?f:x.c.TIME_WINDOW_UNIT,threshold:null!=m?m:x.c.THRESHOLD,thresholdComparator:null!=j?j:x.c.THRESHOLD_COMPARATOR,size:null!=b?b:x.c.SIZE,esQuery:null!=l?l:x.c.QUERY,aggType:null!=S?S:x.c.AGGREGATION_TYPE,groupBy:null!=F?F:x.c.GROUP_BY,termSize:null!=C?C:x.c.TERM_SIZE,searchType:d.esQuery,excludeHitsFromPreviousRun:null!=R?R:x.c.EXCLUDE_PREVIOUS_HITS}),I=Object(i.useCallback)(((e,s)=>{Q((t=>({...t,[e]:s}))),t(e,s)}),[t]),D=Object(k.d)(),{http:q,docLinks:U}=D,[G,N]=Object(i.useState)([]),[V,$]=Object(i.useState)([]),[Y,Z]=Object(i.useState)([]),{convertToJson:J,setXJson:X,xJson:K}=H(x.c.QUERY);/* runs once on mount (empty dependency list): pushes P up as "params", seeds the editor text, and loads fields when an index is already set. NOTE(review): a rejection from ee() is not caught here. */Object(i.useEffect)((()=>{(async()=>{s("params",P),X(null!=l?l:x.c.QUERY),o&&o.length>0&&await ee(o)})()}),[]);const ee=async e=>{const t=await Object(E.getFields)(q,e);N(t),Z(Object(z.sortBy)(t.concat(V),"name"))},/* te: fetch callback for the test-query button. It returns an empty result without sending a request when A.a(P) is truthy (the same check is passed on as hasValidationErrors further down). Otherwise it parses the editor text l with JSON.parse and sends only its "query" member as the filter of a size:0 search covering the last time window up to now. NOTE(review): the guard inspects P (defaults applied) while JSON.parse reads l straight from ruleParams; JSON.parse throws on unset or malformed text, which rejects the returned promise - confirm the two cannot diverge. */te=Object(i.useCallback)((async()=>{const e=Object(h.isGroupAggregation)(_),t=Object(h.isCountAggregation)(S),s=`${O}${f}`;if(Object(A.a)(P))return{testResults:{results:[],truncated:!1},isGrouped:e,timeWindow:s};const r=Object(W.parseDuration)(s),i=JSON.parse(l),c=Date.now(),{rawResponse:u}=await Object(p.lastValueFrom)(a.search.search({params:L({index:o,from:new Date(c-r).toISOString(),to:new Date(c).toISOString(),filter:i.query,size:0,searchAfterSortId:void 
0,timeField:n||"",track_total_hits:!0,aggs:Object(h.buildAggregation)({aggType:S,aggField:v,termField:_,termSize:C,condition:{conditionScript:y(null!=j?j:x.c.THRESHOLD_COMPARATOR,m,h.BUCKET_SELECTOR_FIELD)}})})}));return{testResults:Object(h.parseAggregationResults)({isCountAgg:t,isGroupAgg:e,esResult:u}),isGrouped:e,timeWindow:s}}),[O,f,P,l,a.search,o,n,S,v,_,C,m,j]);return Object(T.jsx)(i.Fragment,null,Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h5",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.selectIndexPrompt",defaultMessage:"Select an index and time field"}))),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(B.a,{index:o,"data-test-subj":"indexSelectPopover",esFields:G,timeField:n,errors:r,onIndexChange:async t=>{I("index",t),0===t.length?s("params",{timeField:e.timeField,index:t,esQuery:x.c.QUERY,size:x.c.SIZE,thresholdComparator:x.c.THRESHOLD_COMPARATOR,timeWindowSize:x.c.TIME_WINDOW_SIZE,timeWindowUnit:x.c.TIME_WINDOW_UNIT,threshold:x.c.THRESHOLD,aggType:x.c.AGGREGATION_TYPE,groupBy:x.c.GROUP_BY,termSize:x.c.TERM_SIZE,searchType:d.esQuery,excludeHitsFromPreviousRun:x.c.EXCLUDE_PREVIOUS_HITS}):await ee(t)},onTimeFieldChange:e=>I("timeField",e)}),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h5",null,Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.defineQueryPrompt",defaultMessage:"Define your query using Query DSL"}))),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(c.EuiFormRow,{id:"queryEditor","data-test-subj":"queryJsonEditor",fullWidth:!0,isInvalid:r.esQuery.length>0,error:r.esQuery,helpText:Object(T.jsx)(c.EuiLink,{href:U.links.query.queryDsl,target:"_blank"},Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.queryPrompt.help",defaultMessage:"Elasticsearch Query DSL documentation"}))},Object(T.jsx)(M.CodeEditor,{languageId:"xjson",width:"100%",height:"200px",value:K,onChange:e=>{X(e),I("esQuery",J(e)),(e=>{let 
t;try{t=Object(z.get)(JSON.parse(e),"runtime_mappings")}catch(e){}if(t){const e=Object(k.b)(t);$(e),Z(Object(z.sortBy)(G.concat(e),"name"))}})(e)},options:{ariaLabel:u.i18n.translate("xpack.stackAlerts.esQuery.ui.queryEditor",{defaultMessage:"Elasticsearch query editor"}),wordWrap:"off",tabSize:2,lineNumbers:"off",lineNumbersMinChars:0,folding:!1,lineDecorationsWidth:0,overviewRulerBorder:!1}})),Object(T.jsx)(c.EuiSpacer,{size:"s"}),Object(T.jsx)(w,{threshold:null!=m?m:x.c.THRESHOLD,thresholdComparator:null!=j?j:x.c.THRESHOLD_COMPARATOR,timeWindowSize:O,timeWindowUnit:f,size:b,esFields:Y,aggType:S,aggField:v,groupBy:F,termSize:C,termField:_,onChangeSelectedAggField:Object(i.useCallback)((e=>I("aggField",e)),[I]),onChangeSelectedAggType:Object(i.useCallback)((e=>I("aggType",e)),[I]),onChangeSelectedGroupBy:Object(i.useCallback)((e=>I("groupBy",e)),[I]),onChangeSelectedTermField:Object(i.useCallback)((e=>I("termField",e)),[I]),onChangeSelectedTermSize:Object(i.useCallback)((e=>I("termSize",e)),[I]),onChangeThreshold:Object(i.useCallback)((e=>I("threshold",e)),[I]),onChangeThresholdComparator:Object(i.useCallback)((e=>I("thresholdComparator",e)),[I]),onChangeWindowSize:Object(i.useCallback)((e=>I("timeWindowSize",e)),[I]),onChangeWindowUnit:Object(i.useCallback)((e=>I("timeWindowUnit",e)),[I]),onChangeSizeValue:Object(i.useCallback)((e=>I("size",e)),[I]),errors:r,hasValidationErrors:Object(A.a)(P),onTestFetch:te,excludeHitsFromPreviousRun:R,onChangeExcludeHitsFromPreviousRun:Object(i.useCallback)((e=>I("excludeHitsFromPreviousRun",e)),[I])}),Object(T.jsx)(c.EuiSpacer,null))},q=[{formType:d.searchSource,label:u.i18n.translate("xpack.stackAlerts.esQuery.ui.selectQueryFormType.kqlOrLuceneFormTypeLabel",{defaultMessage:"KQL or Lucene"}),description:u.i18n.translate("xpack.stackAlerts.esQuery.ui.selectQueryFormType.kqlOrLuceneFormTypeDescription",{defaultMessage:"Use KQL or Lucene to define a text-based 
query."})},{formType:d.esQuery,label:u.i18n.translate("xpack.stackAlerts.esQuery.ui.selectQueryFormType.queryDslFormTypeLabel",{defaultMessage:"Query DSL"}),description:u.i18n.translate("xpack.stackAlerts.esQuery.ui.selectQueryFormType.queryDslFormTypeDescription",{defaultMessage:"Use the Elasticsearch Query DSL to define a query."})}],U=({searchType:e,onFormTypeSelect:t})=>{if(e){const s=q.find((t=>t.formType===e));return Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiFlexGroup,{alignItems:"center",gutterSize:"s",responsive:!1},Object(T.jsx)(c.EuiFlexItem,null,Object(T.jsx)(c.EuiTitle,{size:"xs","data-test-subj":"selectedRuleFormTypeTitle"},Object(T.jsx)("h5",null,null==s?void 0:s.label))),Object(T.jsx)(c.EuiFlexItem,{grow:!1},Object(T.jsx)(c.EuiButtonIcon,{iconType:"cross",color:"danger","data-test-subj":"queryFormTypeChooserCancel","aria-label":u.i18n.translate("xpack.stackAlerts.esQuery.ui.selectQueryFormType.cancelSelectionAriaLabel",{defaultMessage:"Cancel selection"}),onClick:()=>t(null)}))),Object(T.jsx)(c.EuiText,{color:"subdued",size:"s","data-test-subj":"selectedRuleFormTypeDescription"},null==s?void 0:s.description),Object(T.jsx)(c.EuiSpacer,null))}return Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiTitle,{size:"xs"},Object(T.jsx)("h5",{"data-test-subj":"queryFormTypeChooserTitle"},Object(T.jsx)(g.FormattedMessage,{id:"xpack.stackAlerts.esQuery.ui.selectQueryFormTypeLabel",defaultMessage:"Select a query type"}))),Object(T.jsx)(c.EuiListGroup,{flush:!0,gutterSize:"m",size:"m",maxWidth:!1},q.map((e=>Object(T.jsx)(c.EuiListGroupItem,{wrapText:!0,key:`form-type-${e.formType}`,"data-test-subj":`queryFormType_${e.formType}`,color:"primary",label:Object(T.jsx)("span",null,Object(T.jsx)("strong",null,e.label),Object(T.jsx)(c.EuiText,{color:"subdued",size:"s"},Object(T.jsx)("p",null,e.description))),onClick:()=>t(e.formType)})))),Object(T.jsx)(c.EuiSpacer,null))};function G(e,t){const s=l()(e.errors,t.errors),r=l()(e.ruleParams,t.ruleParams);return 
s&&r}const N=Object(i.memo)(Q,G);t.default=e=>{var t,s;const{ruleParams:r,errors:n,setRuleProperty:l,setRuleParams:d}=e,p=Object(k.c)(r),g=null===(t=null===(s=e.metadata)||void 0===s?void 0:s.isManagementPage)||void 0===t||t,b=Object(i.useCallback)((e=>{e?d("searchType",e):l("params",{})}),[d,l]),h=u.i18n.translate("xpack.stackAlerts.esQuery.ui.alertParams.fixErrorInExpressionBelowValidationMessage",{defaultMessage:"Expression contains errors."}),j=x.a.find((e=>{var t;return(null===(t=n[e])||void 0===t?void 0:t.length)>=1&&void 0!==r[e]})),m=!!j&&Object(T.jsx)(o.a.Fragment,null,Object(T.jsx)(c.EuiCallOut,{color:"danger",size:"s","data-test-subj":"esQueryAlertExpressionError",title:["index","searchType","timeField"].includes(j)?n[j]:h}),Object(T.jsx)(c.EuiSpacer,null));return Object(T.jsx)(o.a.Fragment,null,m,g&&Object(T.jsx)(U,{searchType:r.searchType,onFormTypeSelect:b}),r.searchType&&p&&Object(T.jsx)(N,a()({},e,{ruleParams:r})),r.searchType&&!p&&Object(T.jsx)(D,a()({},e,{ruleParams:r})),Object(T.jsx)(c.EuiHorizontalRule,null))}}}]);