Add metric_agg_script to MetricAggregationRule

Copied from SpikeMetricAggregationRule, which originally copied generate_aggregation_query from MetricAggregationRule and added these two lines. So this commit just makes the two generate_aggregation_query look the same, which just works and I'm not really sure why no one has done it before.
jertel · Nov 15, 2021 · b223e65 · b223e65
1 parent ab9a1d0
commit b223e65
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
@@ -1318,7 +1318,7 @@ default this is ``buffer_time``.
 This rule requires:
 
 ``metric_agg_key``: This is the name of the field over which the metric value will be calculated. The underlying type of this field must be
-supported by the specified aggregation type.
+supported by the specified aggregation type.  If using a scripted field via ``metric_agg_script``, this is the name for your scripted field
 
 ``metric_agg_type``: The type of metric aggregation to perform on the ``metric_agg_key`` field. This must be one of 'min', 'max', 'avg',
 'sum', 'cardinality', 'value_count'.
@@ -1336,6 +1336,12 @@ Optional:
 ``query_key``: Group metric calculations by this field. For each unique value of the ``query_key`` field, the metric will be calculated and
 evaluated separately against the threshold(s).
 
+``metric_agg_script``: A `Painless` formatted script describing how to calculate your metric on-the-fly::
+
+    metric_agg_key: myScriptedMetric
+    metric_agg_script:
+        script: doc['field1'].value * doc['field2'].value
+
 ``min_doc_count``: The minimum number of events in the current window needed for an alert to trigger.  Used in conjunction with ``query_key``,
 this will only consider terms which in their last ``buffer_time`` had at least ``min_doc_count`` records.  Default 1.
 

diff --git a/elastalert/ruletypes.py b/elastalert/ruletypes.py
@@ -1088,6 +1088,8 @@ def get_match_str(self, match):
         return message
 
     def generate_aggregation_query(self):
+        if self.rules.get('metric_agg_script'):
+            return {self.metric_key: {self.rules['metric_agg_type']: self.rules['metric_agg_script']}}
         query = {self.metric_key: {self.rules['metric_agg_type']: {'field': self.rules['metric_agg_key']}}}
         if self.rules['metric_agg_type'] in self.allowed_percent_aggregations:
             query[self.metric_key][self.rules['metric_agg_type']]['percents'] = [self.rules['percentile_range']]
@@ -1175,7 +1177,7 @@ def __init__(self, *args):
         self.rules['aggregation_query_element'] = self.generate_aggregation_query()
 
     def generate_aggregation_query(self):
-        """Lifted from MetricAggregationRule, added support for scripted fields"""
+        """Lifted from MetricAggregationRule"""
         if self.rules.get('metric_agg_script'):
             return {self.metric_key: {self.rules['metric_agg_type']: self.rules['metric_agg_script']}}
         query = {self.metric_key: {self.rules['metric_agg_type']: {'field': self.rules['metric_agg_key']}}}