[Discover] Enable esQuery alert for adhoc data views

[dimaanj]

Summary

Closes #142514 #142389

This PR does the following:

• Enables to create esQuery (in KQL or Lucene mode) using adhoc data views from discover and management pages
• Adds explore matching indices button to data view picker in alert flyout
• Adding adhoc data views from alert flyout should propage them to a main discover picker

Checklist

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)

[dimaanj]

@elasticmachine merge upstream

[dimaanj]

@elasticmachine merge upstream

[dimaanj]

@elasticmachine merge upstream

[davismcphee]

I got a chance to fix the types PR today so it should be good to merge: dimaanj#7. I also did a final round of local testing and code review and assuming we merge the types PR, this LGTM 👍

[kertal]

@elasticmachine merge upstream

[ymao1]

fyi i renamed alert_types to rule_types in this PR: #144613

[kertal]

Did a quick final review. Discover code LGTM, tested by creating 2 ad-hoc dataview based alert rules with the cloud instance ... one in Discover, one in Stack management. Got the notifications in the slack channel. What a ride, congrats!

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 5e1034f
• Cloud Deployment

Failed CI Steps

• FTR Configs #1

Test Failures

• [job] [logs] FTR Configs #1 / Upgrade Assistant Deprecation pages "before all" hook for "renders the Elasticsearch deprecations page"

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
stackAlerts	65	66	+1
unifiedSearch	170	185	+15
total			+16

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
data	2553	2555	+2
triggersActionsUi	497	499	+2
unifiedSearch	104	106	+2
total			+6

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
discover	413.0KB	414.0KB	+1.0KB
stackAlerts	74.0KB	74.6KB	+654.0B
triggersActionsUi	658.7KB	659.0KB	+239.0B
unifiedSearch	216.2KB	216.2KB	+11.0B
total			+1.9KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
data	401.3KB	401.3KB	+6.0B
stackAlerts	14.0KB	14.0KB	+10.0B
unifiedSearch	49.7KB	57.0KB	+7.3KB
total			+7.3KB

Unknown metric groups

API count

id	before	after	diff
data	3263	3265	+2
triggersActionsUi	526	528	+2
unifiedSearch	131	134	+3
total			+7

ESLint disabled in files

id	before	after	diff
osquery	1	2	+1
stackAlerts	1	0	-1
total			-0

ESLint disabled line counts

id	before	after	diff
enterpriseSearch	19	21	+2
fleet	59	65	+6
osquery	108	113	+5
securitySolution	440	446	+6
total			+19

Total ESLint disabled count

id	before	after	diff
enterpriseSearch	20	22	+2
fleet	67	73	+6
osquery	109	115	+6
securitySolution	517	523	+6
stackAlerts	26	25	-1
total			+19

History

• 💚 Build #85749 succeeded 25dab32
• 💔 Build #85379 failed e911a7b
• 💚 Build #84568 succeeded 494ef84
• 💚 Build #84286 succeeded bb8c912
• 💚 Build #83756 succeeded 0192eb0

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dimaanj