[Alerting] Display Action Group in Alert Details

x-pack/plugins/alerts/common/alert_instance_summary.ts

@@ -27,5 +27,6 @@ export interface AlertInstanceSummary {
 export interface AlertInstanceStatus {
   status: AlertInstanceStatusValues;
   muted: boolean;
+  actionGroupId?: string;
   activeStartDate?: string;
 }

x-pack/plugins/alerts/server/alerts_client/tests/get_alert_instance_summary.test.ts

@@ -118,12 +118,12 @@ describe('getAlertInstanceSummary()', () => {
       .addExecute()
       .addNewInstance('instance-currently-active')
       .addNewInstance('instance-previously-active')
-      .addActiveInstance('instance-currently-active')
-      .addActiveInstance('instance-previously-active')
+      .addActiveInstance('instance-currently-active', 'action group A')
+      .addActiveInstance('instance-previously-active', 'action group B')
       .advanceTime(10000)
       .addExecute()
       .addResolvedInstance('instance-previously-active')
-      .addActiveInstance('instance-currently-active')
+      .addActiveInstance('instance-currently-active', 'action group A')
       .getEvents();
     const eventsResult = {
       ...AlertInstanceSummaryFindEventsResult,
@@ -144,16 +144,19 @@ describe('getAlertInstanceSummary()', () => {
         "id": "1",
         "instances": Object {
           "instance-currently-active": Object {
+            "actionGroupId": "action group A",
             "activeStartDate": "2019-02-12T21:01:22.479Z",
             "muted": false,
             "status": "Active",
           },
           "instance-muted-no-activity": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": true,
             "status": "OK",
           },
           "instance-previously-active": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": false,
             "status": "OK",

x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.test.ts

@@ -104,11 +104,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": true,
             "status": "OK",
           },
           "instance-2": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": true,
             "status": "OK",
@@ -184,7 +186,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
     const events = eventsFactory
       .addExecute()
       .addNewInstance('instance-1')
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .advanceTime(10000)
       .addExecute()
       .addResolvedInstance('instance-1')
@@ -202,6 +204,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": false,
             "status": "OK",
@@ -218,7 +221,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
     const eventsFactory = new EventsFactory();
     const events = eventsFactory
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .advanceTime(10000)
       .addExecute()
       .addResolvedInstance('instance-1')
@@ -236,6 +239,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": false,
             "status": "OK",
@@ -253,10 +257,10 @@ describe('alertInstanceSummaryFromEventLog', () => {
     const events = eventsFactory
       .addExecute()
       .addNewInstance('instance-1')
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .advanceTime(10000)
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .getEvents();
 
     const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -271,6 +275,79 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": "action group A",
+            "activeStartDate": "2020-06-18T00:00:00.000Z",
+            "muted": false,
+            "status": "Active",
+          },
+        },
+        "lastRun": "2020-06-18T00:00:10.000Z",
+        "status": "Active",
+      }
+    `);
+  });
+
+  test('alert with currently active instance with no action group in event log', async () => {
+    const alert = createAlert({});
+    const eventsFactory = new EventsFactory();
+    const events = eventsFactory
+      .addExecute()
+      .addNewInstance('instance-1')
+      .addActiveInstance('instance-1', undefined)
+      .advanceTime(10000)
+      .addExecute()
+      .addActiveInstance('instance-1', undefined)
+      .getEvents();
+
+    const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
+      alert,
+      events,
+      dateStart,
+      dateEnd,
+    });
+
+    const { lastRun, status, instances } = summary;
+    expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
+      Object {
+        "instances": Object {
+          "instance-1": Object {
+            "actionGroupId": undefined,
+            "activeStartDate": "2020-06-18T00:00:00.000Z",
+            "muted": false,
+            "status": "Active",
+          },
+        },
+        "lastRun": "2020-06-18T00:00:10.000Z",
+        "status": "Active",
+      }
+    `);
+  });
+
+  test('alert with currently active instance that switched action groups', async () => {
+    const alert = createAlert({});
+    const eventsFactory = new EventsFactory();
+    const events = eventsFactory
+      .addExecute()
+      .addNewInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
+      .advanceTime(10000)
+      .addExecute()
+      .addActiveInstance('instance-1', 'action group B')
+      .getEvents();
+
+    const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
+      alert,
+      events,
+      dateStart,
+      dateEnd,
+    });
+
+    const { lastRun, status, instances } = summary;
+    expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
+      Object {
+        "instances": Object {
+          "instance-1": Object {
+            "actionGroupId": "action group B",
             "activeStartDate": "2020-06-18T00:00:00.000Z",
             "muted": false,
             "status": "Active",
@@ -287,10 +364,10 @@ describe('alertInstanceSummaryFromEventLog', () => {
     const eventsFactory = new EventsFactory();
     const events = eventsFactory
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .advanceTime(10000)
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .getEvents();
 
     const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -305,6 +382,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": "action group A",
             "activeStartDate": undefined,
             "muted": false,
             "status": "Active",
@@ -322,12 +400,12 @@ describe('alertInstanceSummaryFromEventLog', () => {
     const events = eventsFactory
       .addExecute()
       .addNewInstance('instance-1')
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .addNewInstance('instance-2')
-      .addActiveInstance('instance-2')
+      .addActiveInstance('instance-2', 'action group B')
       .advanceTime(10000)
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .addResolvedInstance('instance-2')
       .getEvents();
 
@@ -343,11 +421,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": "action group A",
             "activeStartDate": "2020-06-18T00:00:00.000Z",
             "muted": true,
             "status": "Active",
           },
           "instance-2": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": true,
             "status": "OK",
@@ -365,19 +445,19 @@ describe('alertInstanceSummaryFromEventLog', () => {
     const events = eventsFactory
       .addExecute()
       .addNewInstance('instance-1')
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .addNewInstance('instance-2')
-      .addActiveInstance('instance-2')
+      .addActiveInstance('instance-2', 'action group B')
       .advanceTime(10000)
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group A')
       .addResolvedInstance('instance-2')
       .advanceTime(10000)
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group B')
       .advanceTime(10000)
       .addExecute()
-      .addActiveInstance('instance-1')
+      .addActiveInstance('instance-1', 'action group B')
       .getEvents();
 
     const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -392,11 +472,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
       Object {
         "instances": Object {
           "instance-1": Object {
+            "actionGroupId": "action group B",
             "activeStartDate": "2020-06-18T00:00:00.000Z",
             "muted": false,
             "status": "Active",
           },
           "instance-2": Object {
+            "actionGroupId": undefined,
             "activeStartDate": undefined,
             "muted": false,
             "status": "OK",
@@ -452,14 +534,17 @@ export class EventsFactory {
     return this;
   }
 
-  addActiveInstance(instanceId: string): EventsFactory {
+  addActiveInstance(instanceId: string, actionGroupId: string | undefined): EventsFactory {
+    const kibanaAlerting = actionGroupId
+      ? { instance_id: instanceId, action_group_id: actionGroupId }
+      : { instance_id: instanceId };
     this.events.push({
       '@timestamp': this.date,
       event: {
         provider: EVENT_LOG_PROVIDER,
         action: EVENT_LOG_ACTIONS.activeInstance,
       },
-      kibana: { alerting: { instance_id: instanceId } },
+      kibana: { alerting: kibanaAlerting },
     });
     return this;
   }

x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.ts

@@ -78,10 +78,12 @@ export function alertInstanceSummaryFromEventLog(
       // intentionally no break here
       case EVENT_LOG_ACTIONS.activeInstance:
         status.status = 'Active';
+        status.actionGroupId = event?.kibana?.alerting?.action_group_id;
         break;
       case EVENT_LOG_ACTIONS.resolvedInstance:
         status.status = 'OK';
         status.activeStartDate = undefined;
+        status.actionGroupId = undefined;
     }
   }
 
@@ -118,6 +120,7 @@ function getAlertInstanceStatus(
   const status: AlertInstanceStatus = {
     status: 'OK',
     muted: false,
+    actionGroupId: undefined,
     activeStartDate: undefined,
   };
   instances.set(instanceId, status);

x-pack/plugins/alerts/server/task_runner/task_runner.test.ts

@@ -292,6 +292,7 @@ describe('Task Runner', () => {
       kibana: {
         alerting: {
           instance_id: '1',
+          action_group_id: 'default',
         },
         saved_objects: [
           {
@@ -302,7 +303,7 @@ describe('Task Runner', () => {
           },
         ],
       },
-      message: "test:1: 'alert-name' active instance: '1'",
+      message: "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
     });
     expect(eventLogger.logEvent).toHaveBeenCalledWith({
       event: {
@@ -424,6 +425,7 @@ describe('Task Runner', () => {
             },
             "kibana": Object {
               "alerting": Object {
+                "action_group_id": undefined,
                 "instance_id": "1",
               },
               "saved_objects": Array [
@@ -445,6 +447,7 @@ describe('Task Runner', () => {
             },
             "kibana": Object {
               "alerting": Object {
+                "action_group_id": "default",
                 "instance_id": "1",
               },
               "saved_objects": Array [
@@ -456,7 +459,7 @@ describe('Task Runner', () => {
                 },
               ],
             },
-            "message": "test:1: 'alert-name' active instance: '1'",
+            "message": "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
           },
         ],
         Array [
@@ -565,6 +568,7 @@ describe('Task Runner', () => {
             },
             "kibana": Object {
               "alerting": Object {
+                "action_group_id": undefined,
                 "instance_id": "2",
               },
               "saved_objects": Array [
@@ -586,6 +590,7 @@ describe('Task Runner', () => {
             },
             "kibana": Object {
               "alerting": Object {
+                "action_group_id": "default",
                 "instance_id": "1",
               },
               "saved_objects": Array [
@@ -597,7 +602,7 @@ describe('Task Runner', () => {
                 },
               ],
             },
-            "message": "test:1: 'alert-name' active instance: '1'",
+            "message": "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
           },
         ],
       ]