From ad665b1b19afdfe36e10039efae31d852e1a7044 Mon Sep 17 00:00:00 2001
From: Jiawei Wu <74562234+JiaweiWu@users.noreply.github.com>
Date: Thu, 20 Oct 2022 12:43:07 -0700
Subject: [PATCH] [RAM] Rule event log - Fix incorrect results when filtering by message and outcome simultaneously (#143119)
* Fix event log message filtering
* Fix tests
* Fix tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../application/lib/rule_api/get_filter.test.ts | 15 +++++++++++++--
 .../public/application/lib/rule_api/get_filter.ts | 7 +++++--
 .../lib/rule_api/load_action_error_log.test.ts | 2 +-
 .../load_execution_log_aggregations.test.ts | 5 +++--
 4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.test.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.test.ts
index 70987db3f2d49..53b75afd774da 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.test.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.test.ts
@@ -10,17 +10,28 @@ import { getFilter } from './get_filter';
 describe('getFilter', () => {
 test('should return message filter', () => {
 expect(getFilter({ message: 'test message' })).toEqual([
- 'message: "test message" OR error.message: "test message"',
+ '(message: "test message" OR error.message: "test message")',
 ]);
 });
 test('should return outcome filter', () => {
 expect(getFilter({ outcomeFilter: ['failure', 'warning', 'success', 'unknown'] })).toEqual([
- 'event.outcome: failure OR kibana.alerting.outcome: warning OR kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*) OR event.outcome: unknown',
+ '(event.outcome: failure OR kibana.alerting.outcome: warning OR kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*) OR event.outcome: unknown)',
 ]);
 });
 test('should return runId filter', () => {
 expect(getFilter({ runId: 'test' })).toEqual(['kibana.alert.rule.execution.uuid: test']);
 });
+
+ test('should return filter for both message and outcome', () => {
+ expect(getFilter({ message: 'test message', outcomeFilter: ['failure', 'warning'] })).toEqual([
+ '(message: "test message" OR error.message: "test message")',
+ '(event.outcome: failure OR kibana.alerting.outcome: warning)',
+ ]);
+ });
+
+ test('should not return filter if outcome filter is invalid', () => {
+ expect(getFilter({ outcomeFilter: ['doesntexist'] })).toEqual([]);
+ });
 });
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.ts
index 92bbdc38ae4bb..59ccef9734b65 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/get_filter.ts
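Review bot: None of the cases added to `describe('getFilter')` uses a message containing characters that the KQL escaping has to handle, so nothing pins that a `"` or `)` in the search text stays inside the quoted phrase now that the clause is wrapped in parentheses. A case with a constructed value would cover it, for example `expect(getFilter({ message: 'a"b)c' })).toEqual(['(message: "a\\"b\\)c" OR error.message: "a\\"b\\)c")']);`. Without it, a later change to the escape regex or to the wrapping could alter the grouping of the combined filter without any test failing.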
@@ -19,11 +19,14 @@ export const getFilter = ({
 if (message) {
 const escapedMessage = message.replace(/([\)\(\<\>\}\{\"\:\\])/gm, '\\$&');
- filter.push(`message: "${escapedMessage}" OR error.message: "${escapedMessage}"`);
+ filter.push(`(message: "${escapedMessage}" OR error.message: "${escapedMessage}")`);
 }
 if (outcomeFilter && outcomeFilter.length) {
- filter.push(getOutcomeFilter(outcomeFilter));
+ const outcomeFilterKQL = getOutcomeFilter(outcomeFilter);
+ if (outcomeFilterKQL) {
+ filter.push(`(${outcomeFilterKQL})`);
+ }
 }
 if (runId) {
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_action_error_log.test.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_action_error_log.test.ts
index d06447be31fbc..56de4f5c4c890 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_action_error_log.test.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_action_error_log.test.ts
@@ -117,7 +117,7 @@ describe('loadActionErrorLog', () => {
 "query": Object {
 "date_end": "2022-03-23T16:17:53.482Z",
 "date_start": "2022-03-23T16:17:53.482Z",
- "filter": "message: \\"test\\" OR error.message: \\"test\\" and kibana.alert.rule.execution.uuid: 123",
+ "filter": "(message: \\"test\\" OR error.message: \\"test\\") and kibana.alert.rule.execution.uuid: 123",
 "page": 1,
 "per_page": 10,
 "sort": "[{\\"@timestamp\\":{\\"order\\":\\"asc\\"}}]",
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_execution_log_aggregations.test.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_execution_log_aggregations.test.ts
index c40f0a0b2735d..43655ff21e3bb 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_execution_log_aggregations.test.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/load_execution_log_aggregations.test.ts
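Review bot: The new `if (outcomeFilterKQL)` guard in the get_filter.ts hunk drops the outcome clause silently when none of the requested values is recognized, so a request whose only outcome value is unknown goes out with no outcome restriction and returns every entry rather than none. If that fail-open result is intended, record it next to the guard, for example `// Unrecognized outcome values yield no clause; the query is then not narrowed by outcome`. The `runId` branch begins on the last context line and its body lies outside this hunk. The expectation `'kibana.alert.rule.execution.uuid: test'` in get_filter.test.ts suggests the value is interpolated bare, so it may need the same quoting and escaping as `message`; confirm against the full function.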
@@ -47,7 +47,8 @@ describe('loadExecutionLogAggregations', () => {
 id: 'test-id',
 dateStart: '2022-03-23T16:17:53.482Z',
 dateEnd: '2022-03-23T16:17:53.482Z',
- outcomeFilter: ['success'],
+ outcomeFilter: ['success', 'warning'],
+ message: 'test-message',
 perPage: 10,
 page: 0,
 sort: [sortTimestamp],
@@ -84,7 +85,7 @@ describe('loadExecutionLogAggregations', () => {
 "query": Object {
 "date_end": "2022-03-23T16:17:53.482Z",
 "date_start": "2022-03-23T16:17:53.482Z",
- "filter": "kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*)",
+ "filter": "(message: \\"test-message\\" OR error.message: \\"test-message\\") and (kibana.alerting.outcome:success OR (event.outcome: success AND NOT kibana.alerting.outcome:*) OR kibana.alerting.outcome: warning)",
 "page": 1,
 "per_page": 10,
 "sort": "[{\\"timestamp\\":{\\"order\\":\\"asc\\"}}]",