From a486d9d12efdb57c3695193dcb50d8621491c112 Mon Sep 17 00:00:00 2001 From: Ying Date: Tue, 20 Dec 2022 14:57:27 -0500 Subject: [PATCH 1/3] Formatting summarized alerts --- .../alerting/server/routes/create_rule.ts | 14 +- .../create_get_summarized_alerts_fn.test.ts | 906 +++++++++++++++--- .../utils/create_get_summarized_alerts_fn.ts | 32 +- .../tests/trial/get_summarized_alerts.ts | 5 +- 4 files changed, 835 insertions(+), 122 deletions(-) diff --git a/x-pack/plugins/alerting/server/routes/create_rule.ts b/x-pack/plugins/alerting/server/routes/create_rule.ts index 2e2f420b65936..145934df29341 100644 --- a/x-pack/plugins/alerting/server/routes/create_rule.ts +++ b/x-pack/plugins/alerting/server/routes/create_rule.ts @@ -128,8 +128,18 @@ export const createRuleRoute = ({ router, licenseState, usageCounter }: RouteOpt await rulesClient.create({ data: rewriteBodyReq({ ...rule, - actions: rewriteActions(rule.actions), - notify_when: rule.notify_when as RuleNotifyWhenType, + actions: rule.actions.map((action) => { + return { + ...action, + frequency: { + summary: true, + throttle: null, + notifyWhen: 'onActiveAlert', + }, + }; + }), + notify_when: undefined, + throttle: undefined, }), options: { id: params?.id }, }); diff --git a/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.test.ts b/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.test.ts index 0ceb1e6ed8a84..387bd0174dbc4 100644 --- a/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.test.ts +++ b/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.test.ts @@ -76,6 +76,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '1', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', 
@@ -86,6 +88,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '2', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -105,6 +109,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '3', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -115,6 +121,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '4', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -125,6 +133,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '5', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -144,6 +154,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '6', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', 
@@ -283,56 +295,140 @@ describe('createGetSummarizedAlertsFn', () => { expect(summarizedAlerts.recovered.count).toEqual(1); expect(summarizedAlerts.new.data).toEqual([ { + _id: '1', + _index: '.alerts-default-000001', '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'open', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_3', - [ALERT_UUID]: 'uuid1', + event: { + action: 'open', + }, + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_3', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid1', + }, + }, }, { + _id: '2', + _index: '.alerts-default-000001', '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'open', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_4', - [ALERT_UUID]: 'uuid2', + event: { + action: 'open', + }, + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_4', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid2', + }, + }, }, ]); expect(summarizedAlerts.ongoing.data).toEqual([ { + _id: '3', + _index: '.alerts-default-000001', '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'active', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_1', - [ALERT_UUID]: 'uuid3', + event: { + action: 'active', + }, + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_1', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid3', + }, + }, }, { + _id: '4', + _index: '.alerts-default-000001', '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'active', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_2', - [ALERT_UUID]: 'uuid4', + event: { + action: 'active', + }, + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_2', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + 
uuid: 'uuid4', + }, + }, }, { + _id: '5', + _index: '.alerts-default-000001', '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'active', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', - [ALERT_UUID]: 'uuid5', + event: { + action: 'active', + }, + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_5', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid5', + }, + }, }, ]); expect(summarizedAlerts.recovered.data).toEqual([ { + _id: '6', + _index: '.alerts-default-000001', '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'close', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_9', - [ALERT_UUID]: 'uuid6', + event: { + action: 'close', + }, + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_9', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid6', + }, + }, }, ]); }); @@ -345,6 +441,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '1', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -356,6 +454,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '2', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -367,6 +467,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '3', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:10:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -387,6 +489,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '4', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:20:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', 
@@ -398,6 +502,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '5', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -418,6 +524,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '6', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:20:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', 
@@ -585,63 +693,135 @@ describe('createGetSummarizedAlertsFn', () => { expect(summarizedAlerts.recovered.count).toEqual(1); expect(summarizedAlerts.new.data).toEqual([ { + _id: '1', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_3', - [ALERT_UUID]: 'uuid1', - [ALERT_START]: '2020-01-01T12:00:00.000Z', alert_type: 'new', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_3', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + start: '2020-01-01T12:00:00.000Z', + uuid: 'uuid1', + }, + }, }, { + _id: '2', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_4', - [ALERT_UUID]: 'uuid2', - [ALERT_START]: '2020-01-01T12:00:00.000Z', alert_type: 'new', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_4', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + start: '2020-01-01T12:00:00.000Z', + uuid: 'uuid2', + }, + }, }, { + _id: '3', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:10:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_1', - [ALERT_UUID]: 'uuid3', - [ALERT_START]: '2020-01-01T12:10:00.000Z', alert_type: 'new', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_1', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + start: '2020-01-01T12:10:00.000Z', + uuid: 'uuid3', + }, + }, }, ]); expect(summarizedAlerts.ongoing.data).toEqual([ { + _id: '4', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:20:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_2', - [ALERT_UUID]: 'uuid4', - [ALERT_START]: '2020-01-01T12:00:00.000Z', alert_type: 'ongoing', + kibana: { + 
alert: { + instance: { + id: 'TEST_ALERT_2', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + start: '2020-01-01T12:00:00.000Z', + uuid: 'uuid4', + }, + }, }, { + _id: '5', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', - [ALERT_UUID]: 'uuid5', - [ALERT_START]: '2020-01-01T11:00:00.000Z', alert_type: 'ongoing', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_5', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + start: '2020-01-01T11:00:00.000Z', + uuid: 'uuid5', + }, + }, }, ]); expect(summarizedAlerts.recovered.data).toEqual([ { + _id: '6', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:20:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_9', - [ALERT_UUID]: 'uuid6', - [ALERT_START]: '2020-01-01T11:00:00.000Z', - [ALERT_END]: '2020-01-01T12:20:00.000Z', alert_type: 'recovered', + kibana: { + alert: { + end: '2020-01-01T12:20:00.000Z', + instance: { + id: 'TEST_ALERT_9', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + start: '2020-01-01T11:00:00.000Z', + uuid: 'uuid6', + }, + }, }, ]); }); @@ -654,6 +834,8 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '1', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -663,6 +845,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '2', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -672,6 +856,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '3', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', 
@@ -681,6 +867,8 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '4', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', @@ -690,16 +878,19 @@ describe('createGetSummarizedAlertsFn', () => { }, }, { + _id: '5', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'active', [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', [ALERT_UUID]: 'uuid5', }, }, { + _id: '6', + _index: '.alerts-default-000001', _source: { '@timestamp': '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', 
@@ -761,47 +952,118 @@ describe('createGetSummarizedAlertsFn', () => { expect(summarizedAlerts.recovered.count).toEqual(0); expect(summarizedAlerts.new.data).toEqual([ { - '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_3', - [ALERT_UUID]: 'uuid1', + _id: '1', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_3', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid1', + }, + }, }, { - '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_4', - [ALERT_UUID]: 'uuid2', + _id: '2', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_4', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid2', + }, + }, }, { - '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_1', - [ALERT_UUID]: 'uuid3', + _id: '3', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_1', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid3', + }, + }, }, { - '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_2', - [ALERT_UUID]: 'uuid4', + _id: '4', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_2', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid4', + }, + }, }, { - '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - 
[ALERT_RULE_UUID]: 'rule-id', - [EVENT_ACTION]: 'active', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', - [ALERT_UUID]: 'uuid5', + _id: '5', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_5', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid5', + }, + }, }, { - '@timestamp': '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_9', - [ALERT_UUID]: 'uuid6', + _id: '6', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_9', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid6', + }, + }, }, ]); expect(summarizedAlerts.ongoing.data).toEqual([]); 
@@ -816,57 +1078,395 @@ describe('createGetSummarizedAlertsFn', () => { }, hits: [ { + _id: '1', + _index: '.alerts-default-000001', + _source: { + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + [ALERT_RULE_EXECUTION_UUID]: 'abc', + [ALERT_RULE_UUID]: 'rule-id', + [ALERT_INSTANCE_ID]: 'TEST_ALERT_3', + [ALERT_UUID]: 'uuid1', + }, + }, + { + _id: '2', + _index: '.alerts-default-000001', + _source: { + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + [ALERT_RULE_EXECUTION_UUID]: 'abc', + [ALERT_RULE_UUID]: 'rule-id', + [ALERT_INSTANCE_ID]: 'TEST_ALERT_4', + [ALERT_UUID]: 'uuid2', + }, + }, + { + _id: '3', + _index: '.alerts-default-000001', + _source: { + [TIMESTAMP]: '2020-01-01T12:10:00.000Z', + [ALERT_RULE_EXECUTION_UUID]: 'abc', + [ALERT_RULE_UUID]: 'rule-id', + [ALERT_INSTANCE_ID]: 'TEST_ALERT_1', + [ALERT_UUID]: 'uuid3', + }, + }, + { + _id: '4', + _index: '.alerts-default-000001', + _source: { + [TIMESTAMP]: '2020-01-01T12:20:00.000Z', + [ALERT_RULE_EXECUTION_UUID]: 'abc', + [ALERT_RULE_UUID]: 'rule-id', + [ALERT_INSTANCE_ID]: 'TEST_ALERT_2', + [ALERT_UUID]: 'uuid4', + }, + }, + { + _id: '5', + _index: '.alerts-default-000001', + _source: { + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + [ALERT_RULE_EXECUTION_UUID]: 'abc', + [ALERT_RULE_UUID]: 'rule-id', + [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', + [ALERT_UUID]: 'uuid5', + }, + }, + { + _id: '6', + _index: '.alerts-default-000001', + _source: { + [TIMESTAMP]: '2020-01-01T12:20:00.000Z', + [ALERT_RULE_EXECUTION_UUID]: 'abc', + [ALERT_RULE_UUID]: 'rule-id', + [ALERT_INSTANCE_ID]: 'TEST_ALERT_9', + [ALERT_UUID]: 'uuid6', + }, + }, + ], + }, + } as any); + const getSummarizedAlertsFn = createGetSummarizedAlertsFn({ + ruleDataClient: ruleDataClientMock, + useNamespace: true, + isLifecycleAlert: false, + })(); + + const summarizedAlerts = await getSummarizedAlertsFn({ + start: new Date('2020-01-01T11:00:00.000Z'), + end: new Date('2020-01-01T12:25:00.000Z'), + ruleId: 'rule-id', + spaceId: 'space-id', + excludedAlertInstanceIds: 
['TEST_ALERT_10'], + }); + expect(ruleDataClientMock.getReader).toHaveBeenCalledWith({ namespace: 'space-id' }); + expect(ruleDataClientMock.getReader().search).toHaveBeenCalledTimes(1); + expect(ruleDataClientMock.getReader().search).toHaveBeenCalledWith({ + body: { + size: 100, + track_total_hits: true, + query: { + bool: { + filter: [ + { + range: { + [TIMESTAMP]: { + gte: '2020-01-01T11:00:00.000Z', + lt: '2020-01-01T12:25:00.000Z', + }, + }, + }, + { + term: { + [ALERT_RULE_UUID]: 'rule-id', + }, + }, + { + bool: { + must_not: { + terms: { + [ALERT_INSTANCE_ID]: ['TEST_ALERT_10'], + }, + }, + }, + }, + ], + }, + }, + }, + }); + expect(summarizedAlerts.new.count).toEqual(6); + expect(summarizedAlerts.ongoing.count).toEqual(0); + expect(summarizedAlerts.recovered.count).toEqual(0); + expect(summarizedAlerts.new.data).toEqual([ + { + _id: '1', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_3', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid1', + }, + }, + }, + { + _id: '2', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_4', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid2', + }, + }, + }, + { + _id: '3', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:10:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_1', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid3', + }, + }, + }, + { + _id: '4', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:20:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_2', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid4', + }, + }, + }, + { + _id: '5', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:00:00.000Z', + kibana: { + alert: { 
+ instance: { + id: 'TEST_ALERT_5', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid5', + }, + }, + }, + { + _id: '6', + _index: '.alerts-default-000001', + [TIMESTAMP]: '2020-01-01T12:20:00.000Z', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_9', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid6', + }, + }, + }, + ]); + expect(summarizedAlerts.ongoing.data).toEqual([]); + expect(summarizedAlerts.recovered.data).toEqual([]); + }); + + it('creates function that correctly formats alerts', async () => { + ruleDataClientMock.getReader().search.mockResolvedValueOnce({ + hits: { + total: { + value: 6, + }, + hits: [ + { + _id: '1', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', [ALERT_INSTANCE_ID]: 'TEST_ALERT_3', [ALERT_UUID]: 'uuid1', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_3', + }, + rule: { + execution: { + uuid: 'abc', + }, + }, + uuid: 'uuid1', + }, + }, }, }, { + _id: '2', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', [ALERT_INSTANCE_ID]: 'TEST_ALERT_4', [ALERT_UUID]: 'uuid2', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_4', + }, + rule: { + execution: { + uuid: 'abc', + }, + }, + uuid: 'uuid2', + }, + }, }, }, { + _id: '3', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:10:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', [ALERT_INSTANCE_ID]: 'TEST_ALERT_1', [ALERT_UUID]: 'uuid3', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_1', + }, + rule: { + execution: { + uuid: 'abc', + }, + }, + uuid: 'uuid3', + }, + }, }, }, { + _id: '4', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:20:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', 
[ALERT_INSTANCE_ID]: 'TEST_ALERT_2', [ALERT_UUID]: 'uuid4', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_2', + }, + rule: { + execution: { + uuid: 'abc', + }, + }, + uuid: 'uuid4', + }, + }, }, }, { + _id: '5', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:00:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', [ALERT_UUID]: 'uuid5', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_5', + }, + rule: { + execution: { + uuid: 'abc', + }, + }, + uuid: 'uuid5', + }, + }, }, }, { + _id: '6', + _index: '.alerts-default-000001', _source: { [TIMESTAMP]: '2020-01-01T12:20:00.000Z', [ALERT_RULE_EXECUTION_UUID]: 'abc', [ALERT_RULE_UUID]: 'rule-id', [ALERT_INSTANCE_ID]: 'TEST_ALERT_9', [ALERT_UUID]: 'uuid6', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_9', + }, + rule: { + execution: { + uuid: 'abc', + }, + }, + uuid: 'uuid6', + }, + }, }, }, ], 
@@ -926,46 +1526,118 @@ describe('createGetSummarizedAlertsFn', () => { expect(summarizedAlerts.recovered.count).toEqual(0); expect(summarizedAlerts.new.data).toEqual([ { + _id: '1', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_3', - [ALERT_UUID]: 'uuid1', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_3', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid1', + }, + }, }, { + _id: '2', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_4', - [ALERT_UUID]: 'uuid2', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_4', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid2', + }, + }, }, { + _id: '3', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:10:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_1', - [ALERT_UUID]: 'uuid3', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_1', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid3', + }, + }, }, { + _id: '4', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:20:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_2', - [ALERT_UUID]: 'uuid4', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_2', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid4', + }, + }, }, { + _id: '5', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:00:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_5', - [ALERT_UUID]: 'uuid5', + kibana: { + alert: { + instance: { + id: 
'TEST_ALERT_5', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid5', + }, + }, }, { + _id: '6', + _index: '.alerts-default-000001', [TIMESTAMP]: '2020-01-01T12:20:00.000Z', - [ALERT_RULE_EXECUTION_UUID]: 'abc', - [ALERT_RULE_UUID]: 'rule-id', - [ALERT_INSTANCE_ID]: 'TEST_ALERT_9', - [ALERT_UUID]: 'uuid6', + kibana: { + alert: { + instance: { + id: 'TEST_ALERT_9', + }, + rule: { + execution: { + uuid: 'abc', + }, + uuid: 'rule-id', + }, + uuid: 'uuid6', + }, + }, }, ]); expect(summarizedAlerts.ongoing.data).toEqual([]); diff --git a/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts b/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts index 82d044ad65a68..fbe425d120674 100644 --- a/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts +++ b/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { merge } from 'lodash'; import type { PublicContract } from '@kbn/utility-types'; import { ESSearchRequest, ESSearchResponse } from '@kbn/es-types'; import type { GetSummarizedAlertsFnOpts } from '@kbn/alerting-plugin/server'; 
@@ -179,12 +180,41 @@ const getLifecycleAlertsByExecutionUuid = async ({ }; }; +const expandDottedField = (dottedFieldName: string, val: unknown): object => { + const parts = dottedFieldName.split('.'); + if (parts.length === 1) { + return { [parts[0]]: val }; + } else { + return { [parts[0]]: expandDottedField(parts.slice(1).join('.'), val) }; + } +}; + +const expandFlattenedAlert = (alert: object) => { + if (Array.isArray(alert)) { + return alert; + } + return Object.entries(alert).reduce( + (acc, [key, val]) => merge(acc, expandDottedField(key, val)), + {} + ); +}; + const getHitsWithCount = ( response: ESSearchResponse ) => { return { count: (response.hits.total as SearchTotalHits).value, - data: response.hits.hits.map((r) => r._source), + data: response.hits.hits.map((hit) => { + const { _id, _index, _source } = hit; + + const rawAlert = { + _id, + _index, + ..._source, + }; + + return expandFlattenedAlert(rawAlert as object); + }), }; }; diff --git a/x-pack/test/rule_registry/spaces_only/tests/trial/get_summarized_alerts.ts b/x-pack/test/rule_registry/spaces_only/tests/trial/get_summarized_alerts.ts index 8f50fd4589769..ccf57b8f6a0c1 100644 --- a/x-pack/test/rule_registry/spaces_only/tests/trial/get_summarized_alerts.ts +++ b/x-pack/test/rule_registry/spaces_only/tests/trial/get_summarized_alerts.ts @@ -28,6 +28,7 @@ import { RuleDataService, } from '@kbn/rule-registry-plugin/server'; import { RuleExecutorOptions } from '@kbn/alerting-plugin/server'; +import { get } from 'lodash'; import type { FtrProviderContext } from '../../../common/ftr_provider_context'; import { MockRuleParams, 
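Review bot: `expandDottedField` (the `@@ -179,12 +180,41 @@` hunk of create_get_summarized_alerts_fn.ts) turns every segment of a field name read from the stored alert document into an object key and passes the result to lodash `merge`, without checking the segment itself. Segments such as `__proto__`, `constructor` or `prototype` are then covered only by whatever guard the bundled lodash release applies to `merge`, which is a property of the dependency rather than of this code. I would skip (or reject) such names explicitly before expanding, and add a unit test with such a key next to 'creates function that correctly formats alerts'. The result for a document that holds both a scalar `a` and a dotted `a.b` depends on key order, which deserves a one-line comment on `expandFlattenedAlert`. The rewrite below also replaces the re-join/re-split recursion with a single split folded from the right.

```typescript
// Field-name segments that must never become object keys during expansion.
const UNSAFE_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

const expandDottedField = (dottedFieldName: string, val: unknown): object => {
  const parts = dottedFieldName.split('.');
  if (parts.some((part) => UNSAFE_SEGMENTS.has(part))) {
    // Field names are document data; do not let them address the prototype chain.
    return {};
  }
  // Build { a: { b: val } } from ['a', 'b'] in one pass, innermost key first.
  return parts.reduceRight<unknown>((inner, part) => ({ [part]: inner }), val) as object;
};
// … unchanged: expandFlattenedAlert, getHitsWithCount …
```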
@@ -357,7 +358,7 @@ export default function createGetSummarizedAlertsTest({ getService }: FtrProvide expect(summarizedAlertsExcludingId1.new.count).to.eql(1); expect(summarizedAlertsExcludingId1.ongoing.count).to.eql(0); expect(summarizedAlertsExcludingId1.recovered.count).to.eql(0); - expect(summarizedAlertsExcludingId1.new.data[0][ALERT_INSTANCE_ID]).to.eql(id2); + expect(get(summarizedAlertsExcludingId1.new.data[0], ALERT_INSTANCE_ID)).to.eql(id2); const summarizedAlertsExcludingId2 = await getSummarizedAlerts({ ruleId, @@ -368,7 +369,7 @@ export default function createGetSummarizedAlertsTest({ getService }: FtrProvide expect(summarizedAlertsExcludingId2.new.count).to.eql(1); expect(summarizedAlertsExcludingId2.ongoing.count).to.eql(0); expect(summarizedAlertsExcludingId2.recovered.count).to.eql(0); - expect(summarizedAlertsExcludingId2.new.data[0][ALERT_INSTANCE_ID]).to.eql(id1); + expect(get(summarizedAlertsExcludingId2.new.data[0], ALERT_INSTANCE_ID)).to.eql(id1); }); }); } From 78c2c07e529176da990147f4bdb87bcd97d25891 Mon Sep 17 00:00:00 2001 From: Ying Date: Tue, 20 Dec 2022 16:30:10 -0500 Subject: [PATCH 2/3] Reverting unnecessary change --- .../plugins/alerting/server/routes/create_rule.ts | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/x-pack/plugins/alerting/server/routes/create_rule.ts b/x-pack/plugins/alerting/server/routes/create_rule.ts index 145934df29341..2e2f420b65936 100644 --- a/x-pack/plugins/alerting/server/routes/create_rule.ts +++ b/x-pack/plugins/alerting/server/routes/create_rule.ts 
@@ -128,18 +128,8 @@ export const createRuleRoute = ({ router, licenseState, usageCounter }: RouteOpt await rulesClient.create({ data: rewriteBodyReq({ ...rule, - actions: rule.actions.map((action) => { - return { - ...action, - frequency: { - summary: true, - throttle: null, - notifyWhen: 'onActiveAlert', - }, - }; - }), - notify_when: undefined, - throttle: undefined, + actions: rewriteActions(rule.actions), + notify_when: rule.notify_when as RuleNotifyWhenType, }), options: { id: params?.id }, }); From 9266255f63e69d6ce7a587b6e6fd91182e160b21 Mon Sep 17 00:00:00 2001 From: Ying Date: Wed, 21 Dec 2022 14:49:17 -0500 Subject: [PATCH 3/3] PR feedback --- .../server/utils/create_get_summarized_alerts_fn.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts b/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts index fbe425d120674..4754d47f236e3 100644 --- a/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts +++ b/x-pack/plugins/rule_registry/server/utils/create_get_summarized_alerts_fn.ts @@ -190,9 +190,6 @@ const expandDottedField = (dottedFieldName: string, val: unknown): object => { }; const expandFlattenedAlert = (alert: object) => { - if (Array.isArray(alert)) { - return alert; - } return Object.entries(alert).reduce( (acc, [key, val]) => merge(acc, expandDottedField(key, val)), {}