[RAM] Rule event log - Fix incorrect results when filtering by messag…

…e and outcome simultaneously (#143119) * Fix event log message filtering * Fix tests * Fix tests Co-authored-by: Kibana Machine <[email protected]>
elastic · Oct 20, 2022 · ad665b1 · ad665b1
1 parent 2eea2c2
commit ad665b1
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 7 deletions.
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.test.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.test.ts
@@ -10,17 +10,28 @@ import { getFilter } from './get_filter';
 describe('getFilter', () => {
   test('should return message filter', () => {
     expect(getFilter({ message: 'test message' })).toEqual([
-      'message: "test message" OR error.message: "test message"',
+      '(message: "test message" OR error.message: "test message")',
     ]);
   });
 
   test('should return outcome filter', () => {
     expect(getFilter({ outcomeFilter: ['failure', 'warning', 'success', 'unknown'] })).toEqual([
-      'event.outcome: failure OR kibana.alerting.outcome: warning OR kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*) OR event.outcome: unknown',
+      '(event.outcome: failure OR kibana.alerting.outcome: warning OR kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*) OR event.outcome: unknown)',
     ]);
   });
 
   test('should return runId filter', () => {
     expect(getFilter({ runId: 'test' })).toEqual(['kibana.alert.rule.execution.uuid: test']);
   });
+
+  test('should return filter for both message and outcome', () => {
+    expect(getFilter({ message: 'test message', outcomeFilter: ['failure', 'warning'] })).toEqual([
+      '(message: "test message" OR error.message: "test message")',
+      '(event.outcome: failure OR kibana.alerting.outcome: warning)',
+    ]);
+  });
+
+  test('should not return filter if outcome filter is invalid', () => {
+    expect(getFilter({ outcomeFilter: ['doesntexist'] })).toEqual([]);
+  });
 });
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.ts
@@ -19,11 +19,14 @@ export const getFilter = ({
 
   if (message) {
     const escapedMessage = message.replace(/([\)\(\<\>\}\{\"\:\\])/gm, '\\$&');
-    filter.push(`message: "${escapedMessage}" OR error.message: "${escapedMessage}"`);
+    filter.push(`(message: "${escapedMessage}" OR error.message: "${escapedMessage}")`);
   }
 
   if (outcomeFilter && outcomeFilter.length) {
-    filter.push(getOutcomeFilter(outcomeFilter));
+    const outcomeFilterKQL = getOutcomeFilter(outcomeFilter);
+    if (outcomeFilterKQL) {
+      filter.push(`(${outcomeFilterKQL})`);
+    }
   }
 
   if (runId) {

diff --git a/...plugins/triggers_actions_ui/public/application/lib/rule_api/load_action_error_log.test.ts b/...plugins/triggers_actions_ui/public/application/lib/rule_api/load_action_error_log.test.ts
@@ -117,7 +117,7 @@ describe('loadActionErrorLog', () => {
           "query": Object {
             "date_end": "2022-03-23T16:17:53.482Z",
             "date_start": "2022-03-23T16:17:53.482Z",
-            "filter": "message: \\"test\\" OR error.message: \\"test\\" and kibana.alert.rule.execution.uuid: 123",
+            "filter": "(message: \\"test\\" OR error.message: \\"test\\") and kibana.alert.rule.execution.uuid: 123",
             "page": 1,
             "per_page": 10,
             "sort": "[{\\"@timestamp\\":{\\"order\\":\\"asc\\"}}]",

diff --git a/...iggers_actions_ui/public/application/lib/rule_api/load_execution_log_aggregations.test.ts b/...iggers_actions_ui/public/application/lib/rule_api/load_execution_log_aggregations.test.ts
@@ -47,7 +47,8 @@ describe('loadExecutionLogAggregations', () => {
       id: 'test-id',
       dateStart: '2022-03-23T16:17:53.482Z',
       dateEnd: '2022-03-23T16:17:53.482Z',
-      outcomeFilter: ['success'],
+      outcomeFilter: ['success', 'warning'],
+      message: 'test-message',
       perPage: 10,
       page: 0,
       sort: [sortTimestamp],
@@ -84,7 +85,7 @@ describe('loadExecutionLogAggregations', () => {
           "query": Object {
             "date_end": "2022-03-23T16:17:53.482Z",
             "date_start": "2022-03-23T16:17:53.482Z",
-            "filter": "kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*)",
+            "filter": "(message: \\"test-message\\" OR error.message: \\"test-message\\") and (kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*) OR kibana.alerting.outcome: warning)",
             "page": 1,
             "per_page": 10,
             "sort": "[{\\"timestamp\\":{\\"order\\":\\"asc\\"}}]",