elastic · doakalexi · Sep 24, 2025 · Jul 30, 2025 · Jul 31, 2025 · Jul 31, 2025
diff --git a/src/platform/packages/shared/response-ops/rule_params/es_query/v1.ts b/src/platform/packages/shared/response-ops/rule_params/es_query/v1.ts
@@ -170,6 +170,7 @@ const EsQueryRuleParamsSchemaProperties = {
       }),
       {
         maxSize: MAX_SELECTABLE_SOURCE_FIELDS,
+        meta: { description: 'The sourceFields param is ignored.' },
       }
     )
   ),

diff --git a/x-pack/platform/plugins/private/translations/translations/de-DE.json b/x-pack/platform/plugins/private/translations/translations/de-DE.json
@@ -42233,13 +42233,10 @@
     "xpack.stackAlerts.components.ui.alertParams.indexPlaceholder": "Indizes und ein Zeitfeld auswählen",
     "xpack.stackAlerts.components.ui.alertParams.indicesToQueryLabel": "Indexe zum Abfragen",
     "xpack.stackAlerts.components.ui.alertParams.timeFieldLabel": "Zeitfeld",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.placeholder": "Felder auswählen",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.title": "Hinzufügen weiterer Felder zu Warnungsdetails",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredQueryText": "ES|QL-Abfrage ist erforderlich.",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThreshold0Text": "Der Schwellenwert muss 0 sein.",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThresholdComparatorText": "Der Schwellenwertkomparator muss größer sein als",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredTimeFieldText": "Das Zeitfeld ist erforderlich.",
-    "xpack.stackAlerts.esqlQuery.ui.validation.error.sourceFields": "Es können nicht mehr als {max} Felder ausgewählt werden",
     "xpack.stackAlerts.esQuery.actionGroupThresholdMetTitle": "Abfrage übereinstimmend",
     "xpack.stackAlerts.esQuery.actionVariableContextConditionsLabel": "Eine Zeichenfolge, die die Bedingung für den Schwellenwert beschreibt.",
     "xpack.stackAlerts.esQuery.actionVariableContextDateLabel": "Das Datum, an dem der Alarm die Schwellenbedingung erreicht hat.",

diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -42350,13 +42350,10 @@
     "xpack.stackAlerts.components.ui.alertParams.indexPlaceholder": "Sélectionner les index et un champ temporel",
     "xpack.stackAlerts.components.ui.alertParams.indicesToQueryLabel": "Index à interroger",
     "xpack.stackAlerts.components.ui.alertParams.timeFieldLabel": "Champ temporel",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.placeholder": "Sélectionner des champs",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.title": "Ajouter plus de champs aux détails des alertes",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredQueryText": "Une requête ES|QL est requise.",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThreshold0Text": "Le seuil doit correspondre à 0.",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThresholdComparatorText": "Le comparateur de seuil doit être plus élevé que.",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredTimeFieldText": "Le champ temporel est requis.",
-    "xpack.stackAlerts.esqlQuery.ui.validation.error.sourceFields": "Impossible de sélectionner plus de {max} champs",
     "xpack.stackAlerts.esQuery.actionGroupThresholdMetTitle": "Correspondance de recherche",
     "xpack.stackAlerts.esQuery.actionVariableContextConditionsLabel": "Chaîne qui décrit la condition de seuil.",
     "xpack.stackAlerts.esQuery.actionVariableContextDateLabel": "Date à laquelle l'alerte a rempli la condition de seuil.",

diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -42399,13 +42399,10 @@
     "xpack.stackAlerts.components.ui.alertParams.indexPlaceholder": "インデックスと時間フィールドを選択",
     "xpack.stackAlerts.components.ui.alertParams.indicesToQueryLabel": "クエリを実行するインデックス",
     "xpack.stackAlerts.components.ui.alertParams.timeFieldLabel": "時間フィールド",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.placeholder": "フィールドを選択",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.title": "その他のフィールドをアラート詳細に追加",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredQueryText": "ES|QLクエリは必須です。",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThreshold0Text": "しきい値は0でなければなりません。",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThresholdComparatorText": "しきい値比較器はそれよりも大きくなければなりません。",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredTimeFieldText": "時間フィールドが必要です。",
-    "xpack.stackAlerts.esqlQuery.ui.validation.error.sourceFields": "{max}を超えるフィールドは選択できません",
     "xpack.stackAlerts.esQuery.actionGroupThresholdMetTitle": "クエリが一致しました",
     "xpack.stackAlerts.esQuery.actionVariableContextConditionsLabel": "しきい値条件を説明する文字列。",
     "xpack.stackAlerts.esQuery.actionVariableContextDateLabel": "アラートがしきい値条件を満たした日付。",

diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -42382,13 +42382,10 @@
     "xpack.stackAlerts.components.ui.alertParams.indexPlaceholder": "选择索引和时间字段",
     "xpack.stackAlerts.components.ui.alertParams.indicesToQueryLabel": "要查询的索引",
     "xpack.stackAlerts.components.ui.alertParams.timeFieldLabel": "时间字段",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.placeholder": "选择字段",
-    "xpack.stackAlerts.components.ui.sourceFieldsSelect.title": "添加更多字段到告警详情",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredQueryText": "ES|QL 查询必填。",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThreshold0Text": "阈值必须为 0。",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredThresholdComparatorText": "阈值比较运算符必须为大于。",
     "xpack.stackAlerts.esqlQuery.ui.validation.error.requiredTimeFieldText": "“时间字段”必填。",
-    "xpack.stackAlerts.esqlQuery.ui.validation.error.sourceFields": "选择的字段不能超过 {max} 个",
     "xpack.stackAlerts.esQuery.actionGroupThresholdMetTitle": "查询已匹配",
     "xpack.stackAlerts.esQuery.actionVariableContextConditionsLabel": "描述阈值条件的字符串。",
     "xpack.stackAlerts.esQuery.actionVariableContextDateLabel": "告警满足阈值条件的日期。",

@@ -6,19 +6,4 @@
  */
 
 export const MAX_SELECTABLE_GROUP_BY_TERMS = 4;
-export const MAX_SELECTABLE_SOURCE_FIELDS = 5;
 export const MAX_HITS_FOR_GROUP_BY = 100;
-
-const HOST_NAME = 'host.name';
-const HOST_HOSTNAME = 'host.hostname';
-const HOST_ID = 'host.id';
-const CONTAINER_ID = 'container.id';
-const KUBERNETES_POD_UID = 'kubernetes.pod.uid';
-
-export const validSourceFields = [
-  HOST_NAME,
-  HOST_HOSTNAME,
-  HOST_ID,
-  CONTAINER_ID,
-  KUBERNETES_POD_UID,
-];
-Original file line number
+Diff line change
@@ Expand Up / @@ -170,6 +170,7 @@ const EsQueryRuleParamsSchemaProperties = { @@
           }),
           {
             maxSize: MAX_SELECTABLE_SOURCE_FIELDS,
+            meta: { description: 'The sourceFields param is ignored.' },
           }
         )
       ),
@@ Expand Down @@