[Alerting] Display Action Group in Alert Details (#82645) (#82824)
* Adding action group id to event log. Showing action group as part of status in alert details view

* Simplifying getting action group id

* Cleanup

* Adding unit tests

* Updating functional tests

* Updating test

* Fix types check

* Updating test

* PR fixes

* PR fixes
ymao1 authored Nov 6, 2020
1 parent 09b76d8 commit b8f2342
Showing 17 changed files with 276 additions and 65 deletions.
1 change: 1 addition & 0 deletions x-pack/plugins/alerts/common/alert_instance_summary.ts
@@ -27,5 +27,6 @@ export interface AlertInstanceSummary {
export interface AlertInstanceStatus {
status: AlertInstanceStatusValues;
muted: boolean;
actionGroupId?: string;
activeStartDate?: string;
}
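Review bot: `actionGroupId?: string;` in `AlertInstanceStatus` has no comment saying when it is populated, so a reader of the interface cannot tell that it is tied to `status`. Going by the summary builder changed in the same commit, it is written from active-instance events and reset to undefined on resolve. A comment above the field such as `// action group of the most recent active-instance event; undefined when the instance is OK or the event carried no group` would record that contract.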
@@ -118,12 +118,12 @@ describe('getAlertInstanceSummary()', () => {
.addExecute()
.addNewInstance('instance-currently-active')
.addNewInstance('instance-previously-active')
.addActiveInstance('instance-currently-active')
.addActiveInstance('instance-previously-active')
.addActiveInstance('instance-currently-active', 'action group A')
.addActiveInstance('instance-previously-active', 'action group B')
.advanceTime(10000)
.addExecute()
.addResolvedInstance('instance-previously-active')
.addActiveInstance('instance-currently-active')
.addActiveInstance('instance-currently-active', 'action group A')
.getEvents();
const eventsResult = {
...AlertInstanceSummaryFindEventsResult,
@@ -144,16 +144,19 @@ describe('getAlertInstanceSummary()', () => {
"id": "1",
"instances": Object {
"instance-currently-active": Object {
"actionGroupId": "action group A",
"activeStartDate": "2019-02-12T21:01:22.479Z",
"muted": false,
"status": "Active",
},
"instance-muted-no-activity": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": true,
"status": "OK",
},
"instance-previously-active": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": false,
"status": "OK",
@@ -104,11 +104,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": true,
"status": "OK",
},
"instance-2": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": true,
"status": "OK",
@@ -184,7 +186,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
const events = eventsFactory
.addExecute()
.addNewInstance('instance-1')
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.advanceTime(10000)
.addExecute()
.addResolvedInstance('instance-1')
@@ -202,6 +204,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": false,
"status": "OK",
@@ -218,7 +221,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
const eventsFactory = new EventsFactory();
const events = eventsFactory
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.advanceTime(10000)
.addExecute()
.addResolvedInstance('instance-1')
@@ -236,6 +239,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": false,
"status": "OK",
@@ -253,10 +257,10 @@ describe('alertInstanceSummaryFromEventLog', () => {
const events = eventsFactory
.addExecute()
.addNewInstance('instance-1')
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.getEvents();

const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -271,6 +275,79 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": "action group A",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"muted": false,
"status": "Active",
},
},
"lastRun": "2020-06-18T00:00:10.000Z",
"status": "Active",
}
`);
});

test('alert with currently active instance with no action group in event log', async () => {
const alert = createAlert({});
const eventsFactory = new EventsFactory();
const events = eventsFactory
.addExecute()
.addNewInstance('instance-1')
.addActiveInstance('instance-1', undefined)
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1', undefined)
.getEvents();

const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
alert,
events,
dateStart,
dateEnd,
});

const { lastRun, status, instances } = summary;
expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": undefined,
"activeStartDate": "2020-06-18T00:00:00.000Z",
"muted": false,
"status": "Active",
},
},
"lastRun": "2020-06-18T00:00:10.000Z",
"status": "Active",
}
`);
});

test('alert with currently active instance that switched action groups', async () => {
const alert = createAlert({});
const eventsFactory = new EventsFactory();
const events = eventsFactory
.addExecute()
.addNewInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1', 'action group B')
.getEvents();

const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
alert,
events,
dateStart,
dateEnd,
});

const { lastRun, status, instances } = summary;
expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": "action group B",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"muted": false,
"status": "Active",
@@ -287,10 +364,10 @@ describe('alertInstanceSummaryFromEventLog', () => {
const eventsFactory = new EventsFactory();
const events = eventsFactory
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.getEvents();

const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -305,6 +382,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": "action group A",
"activeStartDate": undefined,
"muted": false,
"status": "Active",
@@ -322,12 +400,12 @@ describe('alertInstanceSummaryFromEventLog', () => {
const events = eventsFactory
.addExecute()
.addNewInstance('instance-1')
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.addNewInstance('instance-2')
.addActiveInstance('instance-2')
.addActiveInstance('instance-2', 'action group B')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.addResolvedInstance('instance-2')
.getEvents();

@@ -343,11 +421,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": "action group A",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"muted": true,
"status": "Active",
},
"instance-2": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": true,
"status": "OK",
@@ -365,19 +445,19 @@ describe('alertInstanceSummaryFromEventLog', () => {
const events = eventsFactory
.addExecute()
.addNewInstance('instance-1')
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.addNewInstance('instance-2')
.addActiveInstance('instance-2')
.addActiveInstance('instance-2', 'action group B')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group A')
.addResolvedInstance('instance-2')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group B')
.advanceTime(10000)
.addExecute()
.addActiveInstance('instance-1')
.addActiveInstance('instance-1', 'action group B')
.getEvents();

const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -392,11 +472,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
Object {
"instances": Object {
"instance-1": Object {
"actionGroupId": "action group B",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"muted": false,
"status": "Active",
},
"instance-2": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"muted": false,
"status": "OK",
@@ -452,14 +534,17 @@ export class EventsFactory {
return this;
}

addActiveInstance(instanceId: string): EventsFactory {
addActiveInstance(instanceId: string, actionGroupId: string | undefined): EventsFactory {
const kibanaAlerting = actionGroupId
? { instance_id: instanceId, action_group_id: actionGroupId }
: { instance_id: instanceId };
this.events.push({
'@timestamp': this.date,
event: {
provider: EVENT_LOG_PROVIDER,
action: EVENT_LOG_ACTIONS.activeInstance,
},
kibana: { alerting: { instance_id: instanceId } },
kibana: { alerting: kibanaAlerting },
});
return this;
}
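Review bot: The truthiness test in `EventsFactory.addActiveInstance` (`actionGroupId ? … : …`) also drops an empty-string id, so the helper cannot build an event carrying `action_group_id: ''`, a value the summary code would copy through unchanged. Comparing against undefined keeps the helper explicit about what it omits: `const kibanaAlerting = actionGroupId !== undefined ? { instance_id: instanceId, action_group_id: actionGroupId } : { instance_id: instanceId };`. Declaring the parameter as `actionGroupId?: string` would also make the explicit `undefined` argument in the no-action-group test unnecessary.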
@@ -78,10 +78,12 @@ export function alertInstanceSummaryFromEventLog(
// intentionally no break here
case EVENT_LOG_ACTIONS.activeInstance:
status.status = 'Active';
status.actionGroupId = event?.kibana?.alerting?.action_group_id;
break;
case EVENT_LOG_ACTIONS.resolvedInstance:
status.status = 'OK';
status.activeStartDate = undefined;
status.actionGroupId = undefined;
}
}

@@ -118,6 +120,7 @@ function getAlertInstanceStatus(
const status: AlertInstanceStatus = {
status: 'OK',
muted: false,
actionGroupId: undefined,
activeStartDate: undefined,
};
instances.set(instanceId, status);
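Review bot: The new assignment `status.actionGroupId = event?.kibana?.alerting?.action_group_id;` sits in the `activeInstance` case, which the preceding case falls through to (`// intentionally no break here`), so events of that earlier action overwrite the field too. The task-runner snapshots in this commit show events with `action_group_id: undefined` just before the active-instance ones, presumably the new-instance events. If such an event is ever processed after the active-instance event of the same run (equal timestamps, for instance), the instance would stay 'Active' but lose its group. Writing the field only when the event's action is `EVENT_LOG_ACTIONS.activeInstance` would remove that dependence on event order, and a test with the two events in the opposite order would pin it. The switch and the enclosing function start and end outside the hunk.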
11 changes: 8 additions & 3 deletions x-pack/plugins/alerts/server/task_runner/task_runner.test.ts
@@ -292,6 +292,7 @@ describe('Task Runner', () => {
kibana: {
alerting: {
instance_id: '1',
action_group_id: 'default',
},
saved_objects: [
{
@@ -302,7 +303,7 @@ describe('Task Runner', () => {
},
],
},
message: "test:1: 'alert-name' active instance: '1'",
message: "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
});
expect(eventLogger.logEvent).toHaveBeenCalledWith({
event: {
@@ -424,6 +425,7 @@ describe('Task Runner', () => {
},
"kibana": Object {
"alerting": Object {
"action_group_id": undefined,
"instance_id": "1",
},
"saved_objects": Array [
@@ -445,6 +447,7 @@ describe('Task Runner', () => {
},
"kibana": Object {
"alerting": Object {
"action_group_id": "default",
"instance_id": "1",
},
"saved_objects": Array [
@@ -456,7 +459,7 @@ describe('Task Runner', () => {
},
],
},
"message": "test:1: 'alert-name' active instance: '1'",
"message": "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
},
],
Array [
@@ -565,6 +568,7 @@ describe('Task Runner', () => {
},
"kibana": Object {
"alerting": Object {
"action_group_id": undefined,
"instance_id": "2",
},
"saved_objects": Array [
@@ -586,6 +590,7 @@ describe('Task Runner', () => {
},
"kibana": Object {
"alerting": Object {
"action_group_id": "default",
"instance_id": "1",
},
"saved_objects": Array [
@@ -597,7 +602,7 @@ describe('Task Runner', () => {
},
],
},
"message": "test:1: 'alert-name' active instance: '1'",
"message": "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
},
],
]