From 8939b0c84ec0c074e320f1cf096ec1f33f929804 Mon Sep 17 00:00:00 2001 From: mburguet Date: Thu, 12 Oct 2023 10:39:20 -0400 Subject: [PATCH 1/4] FlatlineRule: Extract functions that could be overriden by child classes --- elastalert/ruletypes.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/elastalert/ruletypes.py b/elastalert/ruletypes.py index 0993cb73..9200f2c4 100644 --- a/elastalert/ruletypes.py +++ b/elastalert/ruletypes.py @@ -586,6 +586,14 @@ def __init__(self, *args): # Dictionary mapping query keys to the first events self.first_event = {} + def get_threshold(self, key): + return self.rules['threshold'] + + def get_event_data(self, key): + return { + 'threshold': self.get_threshold(key) + } + def check_for_match(self, key, end=True): # This function gets called between every added document with end=True after the last # We ignore the calls before the end because it may trigger false positives @@ -602,10 +610,10 @@ def check_for_match(self, key, end=True): # Match if, after removing old events, we hit num_events count = self.occurrences[key].count() - if count < self.rules['threshold']: + if count < self.get_threshold(key): # Do a deep-copy, otherwise we lose the datetime type in the timestamp field of the last event event = copy.deepcopy(self.occurrences[key].data[-1][0]) - event.update(key=key, count=count) + event.update(key=key, count=count, **self.get_event_data(key)) self.add_match(event) if not self.rules.get('forget_keys'): 
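Review bot: The new `get_threshold` and `get_event_data` hooks in the first hunk carry no docstring stating the override contract, and the base `get_threshold` ignores its `key` argument, so a subclass author has to read `check_for_match` to learn that the returned mapping is splatted as keyword arguments into `event.update(key=key, count=count, **self.get_event_data(key))`. I would add `"""Flatline threshold for `key`; the base implementation returns rules['threshold'] for every key. Override to vary it per query_key."""` on `get_threshold`, and on `get_event_data` a docstring saying it returns extra fields merged into the match document, that keys must be strings because they are passed as keywords, and that `key` and `count` are reserved since they are supplied explicitly and a duplicate raises TypeError. Both methods end inside the hunk; `check_for_match` continues past it.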
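Review bot: In the second hunk, `event.update(key=key, count=count, **self.get_event_data(key))` merges the hook's fields into the deep-copied source document, so a source field of the same name (`threshold` now, whatever a subclass adds later) is silently overwritten, and a subclass that returns a `key` or `count` entry fails only at match time with a TypeError rather than when the rule is loaded. If the fixed fields are meant to win, merge in two steps: `event.update(self.get_event_data(key))` followed by `event.update(key=key, count=count)`; that also tolerates non-string keys, which `**` rejects. If overwriting source fields is intended, a one-line comment saying so would save the next reader a trip to the alerters. `check_for_match`, including the `forget_keys` branch, runs past the end of the hunk.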
@@ -632,11 +640,14 @@ def get_match_str(self, match): ) return message + def get_keys(self): + return list(self.occurrences.keys()) + def garbage_collect(self, ts): # We add an event with a count of zero to the EventWindow for each key. This will cause the EventWindow # to remove events that occurred more than one `timeframe` ago, and call onRemoved on them. default = ['all'] if 'query_key' not in self.rules else [] - for key in list(self.occurrences.keys()) or default: + for key in self.get_keys() or default: self.occurrences.setdefault( key, EventWindow(self.rules['timeframe'], getTimestamp=self.get_ts) From 7fa75305c54b3acd3c9ffb0dd0b095a746ce73d6 Mon Sep 17 00:00:00 2001 From: mburguet Date: Thu, 12 Oct 2023 11:05:11 -0400 Subject: [PATCH 2/4] Update CHANGELOG --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9146d542..7f658c77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# 2.TBD.TBD +# 2.14.1 ## Breaking changes - TBD @@ -7,7 +7,7 @@ - TBD ## Other changes -- TBD +- Refactored FlatlineRule to make it more extensible # 2.14.0 From f09b36a0f37200ed61ac5162430f1e9b2a390d76 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 12 Oct 2023 20:06:08 -0400 Subject: [PATCH 3/4] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f658c77..b3efcfb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ - TBD ## Other changes -- Refactored FlatlineRule to make it more extensible +- Refactored FlatlineRule to make it more extensible - [#1291](https://github.com/jertel/elastalert2/pull/1291) - @rundef # 2.14.0 From ec709481725e39d98693dc5362bb6d7500cf6cc9 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 12 Oct 2023 20:07:09 -0400 Subject: [PATCH 4/4] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
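Review bot: `get_keys` has no docstring, and its result is fed to `self.occurrences.setdefault(key, EventWindow(...))` in `garbage_collect`, so a subclass returning a key that has never been seen will cause a fresh `EventWindow` to be created for it — presumably the point of the hook, but it should be stated, together with the fact that an empty return only falls back to `['all']` when `query_key` is unset. I would add `"""Keys to garbage-collect and check for a flatline; the base implementation returns the keys currently tracked in self.occurrences. A subclass may return extra keys, for which an EventWindow is created on the fly."""`. `garbage_collect` continues past the end of the hunk.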
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b3efcfb9..9aec1a97 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-# 2.14.1
+# 2.TBD.TBD
 
 ## Breaking changes
 - TBD