From d85e43536be0c54ac8772608226cbfb1a6fd718f Mon Sep 17 00:00:00 2001
From: Jeff Ashton <JeffAshton@users.noreply.github.com>
Date: Mon, 28 Jun 2021 11:40:54 -0400
Subject: [PATCH 1/2] Reducing the unused calls to elasticsearch_client

---
 elastalert/elastalert.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py
index 3631ffa3..3116fa87 100755
--- a/elastalert/elastalert.py
+++ b/elastalert/elastalert.py
@@ -859,6 +859,14 @@ def enhance_filter(self, rule):
             filters.append({'query': query_str_filter})
         elastalert_logger.debug("Enhanced filter with {} terms: {}".format(listname, str(query_str_filter)))
 
+    def get_elasticsearch_client(self, rule):
+        key = rule['name']
+        es_client = self.es_clients.get(key)
+        if es_client is None:
+            es_client = elasticsearch_client(rule)
+            self.es_clients[key] = es_client
+        return es_client
+
     def run_rule(self, rule, endtime, starttime=None):
         """ Run a rule for a given time period, including querying and alerting on results.
 
@@ -868,7 +876,7 @@ def run_rule(self, rule, endtime, starttime=None):
         :return: The number of matches that the rule produced.
         """
         run_start = time.time()
-        self.thread_data.current_es = self.es_clients.setdefault(rule['name'], elasticsearch_client(rule))
+        self.thread_data.current_es = self.get_elasticsearch_client(rule)
 
         # If there are pending aggregate matches, try processing them
         for x in range(len(rule['agg_matches'])):

From 95748220fabceaf79a92ea3d045a36da56feb768 Mon Sep 17 00:00:00 2001
From: Jeff Ashton <JeffAshton@users.noreply.github.com>
Date: Mon, 28 Jun 2021 12:25:04 -0400
Subject: [PATCH 2/2] Adding tests for get_elasticsearch_client

---
 tests/base_test.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tests/base_test.py b/tests/base_test.py
index 7bcf3f48..785befd5 100644
--- a/tests/base_test.py
+++ b/tests/base_test.py
@@ -1426,3 +1426,20 @@ def test_add_aggregated_alert_error(ea, caplog):
         exceptd = "[add_aggregated_alert]"
         exceptd += "Error parsing aggregate send time format unsupported operand type(s) for +: 'datetime.datetime' and 'dict'"
         assert exceptd in message
+
+
+def test_get_elasticsearch_client_same_rule(ea):
+    x = ea.get_elasticsearch_client(ea.rules[0])
+    y = ea.get_elasticsearch_client(ea.rules[0])
+    assert x is y, "Should return same client for the same rule"
+
+
+def test_get_elasticsearch_client_different_rule(ea):
+    x_rule = ea.rules[0]
+    x = ea.get_elasticsearch_client(x_rule)
+
+    y_rule = copy.copy(x_rule)
+    y_rule['name'] = 'different_rule'
+    y = ea.get_elasticsearch_client(y_rule)
+
+    assert x is not y, 'Should return unique client for each rule'