Outlook activity datastream for o365 package

[ritalwar]

• Enhancement

Proposed commit message

Initial draft of the o365_metrics package with the outlook_activity data stream.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

Related issues

Screenshots

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[lucian-ioan]

Some minor nits and suggestions, otherwise looks good.

[lucian-ioan]

LGTM. I think we can ship this as the first one.

[tommyers-elastic]

naming conventions recommend that units like count are appended to field names as a suffix e.g. meeting_created.count

https://www.elastic.co/guide/en/beats/devguide/7.17/event-conventions.html#units

[tommyers-elastic]

please can we add units, dimensions, metric types to these fields?

[ritalwar]

We plan to address TSDB-related changes later, once a few datastreams are merged. We've also asked for help to perform some service-related activities to generate richer API responses, which will help us implement these changes effectively.

[lalit-satapathy]

Is units done and only dimension and metric types pending?

[ritalwar]

I have suffixed the names with .count where applicable. However, the unit value count is not allowed due to validation constraints, which specify that the unit must be one of the following: "byte", "percent", "d", "h", "m", "s", "ms", "micros", or "nanos".

[lalit-satapathy]

should we add (under-development) at the end?

[ritalwar]

Updated, and it looks like:

[tommyers-elastic]

i don't understand why we need this when we have the tech preview badge

[lalit-satapathy]

• For the field naming we have now as o365metrics.*. One alternative is o365.metrics. Any suggestion, which is preferable? Also the O365 audit package has fields named as: o365.audit.*, if we want to be consistent to that.
• For data stream naming, also lets define a consistent scheme between these choices and something which works for all future data_stream names:
  • outlookactivity vs.
  • outlook.activity vs.
  • outlook_activity
    (Also please note it may be confusing to create a future data_stream name for m365.active_users since, o365 is already being used in the beginning).

CC: @lucian-ioan

[ritalwar]

• For the field naming we have now as o365metrics.*. One alternative is o365.metrics. Any suggestion, which is preferable? Also the O365 audit package has fields named as: o365.audit.*, if we want to be consistent to that.

Yes, I think it's better to maintain consistency, so I've updated the naming to o365.metrics.

• For data stream naming, also lets define a consistent scheme between these choices and something which works for all future data_stream names:

  • outlookactivity vs.
  • outlook.activity vs.
  • outlook_activity

For field naming, I have updated it to outlook.activity, following the structure o365.metrics.outlook.activity.*. However, for the datastream name, the naming convention validation does not allow the use of outlook.activity. To maintain clarity, I suggest sticking with outlook_activity for the datastream name.

[elastic-sonarqube]

Quality Gate failed

Failed conditions
17.4% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 70500e2

History

• 💚 Build #19530 succeeded 6028d05
• 💚 Build #19410 succeeded b985b28
• 💚 Build #19354 succeeded 0d16f81
• 💚 Build #19144 succeeded 52e7293
• 💚 Build #18948 succeeded 88d3147

cc @ritalwar

[lalit-satapathy]

Early development version. Approving to enable successive PR merge.

[elastic-vault-github-plugin-prod]

Package o365_metrics - 0.1.0 containing this change is available at https://epr.elastic.co/package/o365_metrics/0.1.0/