diff --git a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
index 5047c0268..39b84087a 100644
--- a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
+++ b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
@@ -209,7 +209,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs
 if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor
 for (Map.Entry entry : detector.getRuleIdMonitorIdMap().entrySet()) {
 if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {
- docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"","",Collections.emptyList()));
+ docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));
 }
 }
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index 663ead35d..241bc73e8 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -290,7 +290,10 @@ public void onFailure(Exception e) {
 }
 }
 },
- listener::onFailure
+ e1 -> {
+ log.error("Failed to index doc level monitor in detector creation", e1);
+ listener.onFailure(e1);
+ }
 );
 }, listener::onFailure);
 } else { 
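Review bot: The new constructor call on the `+` line passes three positional placeholders — `""`, `Collections.emptyList()`, `""` — with nothing saying what each stands for, and its spacing is inconsistent (`,"", Collections.emptyList(),"",`) where the corresponding call in the `@@ -560` hunk of TransportIndexDetectorAction uses a uniform `, ` separator. Since this synthetic query exists only to carry the rule id for a bucket-level finding, a one-line comment above the assignment such as `// bucket-level findings carry only the rule id; name, fields and query are unknown here` would make the intent clear — assuming the new third parameter is the query's field list, which the diff itself does not show. The enclosing loop also keeps iterating after a match (last match wins); that is pre-existing, but a `break` would be worth considering if the ruleId-to-monitorId map is one-to-one. mapFindingWithDocsToFindingDto starts and ends outside the hunk.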
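Review bot: The new lambda logs only the inner failure, while the outer `}, listener::onFailure);` two lines below still forwards its error without logging, so one failure path in the same detector-creation flow is now logged and the other is not unless a caller does it; the two paths should be treated consistently. The added message also carries no identifier that would let an operator correlate the log line with the request; if `detector` is in scope here as it is in createDocLevelMonitorRequest, `log.error("Failed to index doc level monitor for detector [{}]", detector.getName(), e1);` keeps the stack trace (a log4j2 logger treats the trailing Throwable as the exception) while making the entry searchable. The enclosing method starts and ends outside the hunk, so whether `detector` is reachable at this point is inferred rather than visible.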
@@ -560,7 +563,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List
 tags.add(rule.getCategory());
 tags.addAll(rule.getTags().stream().map(Value::getValue).collect(Collectors.toList()));
- DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, actualQuery, tags);
+ DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags);
 docLevelQueries.add(docLevelQuery);
 }
 DocLevelMonitorInput docLevelMonitorInput = new DocLevelMonitorInput(detector.getName(), detector.getInputs().get(0).getIndices(), docLevelQueries);
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
index 7877410be..ffcb75644 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
@@ -5,6 +5,7 @@ package org.opensearch.securityanalytics.findings;
 import java.time.Instant;
+import java.util.Collections;
 import java.util.List;
 import org.opensearch.commons.alerting.model.DocLevelQuery;
 import org.opensearch.commons.alerting.model.FindingDocument;
@@ -27,7 +28,7 @@ public void testFindingDTO_creation() {
 "findingId",
 List.of("doc1", "doc2", "doc3"),
 "my_index",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 now,
 List.of(findingDocument1, findingDocument2, findingDocument3)
 );
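Review bot: The updated constructor call on the `+` line pins the new third argument only at `Collections.emptyList()` while the tags argument is `List.of()`, so the two list positions are indistinguishable both here and in the `assertEquals` of the `@@ -36` hunk, and an argument-order slip between the two lists would still pass. If FindingDto hands the DocLevelQuery through unchanged, which the equality assertion suggests, building it with distinguishing values in both places, e.g. `List.of(new DocLevelQuery("1", "myQuery", List.of("fieldA"), "fieldA:valABC", List.of("tag1")))`, would make the test sensitive to the parameter this commit introduces. The same empty-versus-empty pattern appears in the two FindingServiceTests hunks (`@@ -83` and `@@ -99`), though what those inputs are checked against is not visible here. testFindingDTO_creation starts outside the hunk.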
@@ -36,7 +37,7 @@ public void testFindingDTO_creation() {
 assertEquals("findingId", findingDto.getId());
 assertEquals(List.of("doc1", "doc2", "doc3"), findingDto.getRelatedDocIds());
 assertEquals("my_index", findingDto.getIndex());
- assertEquals(List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
+ assertEquals(List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
 assertEquals(now, findingDto.getTimestamp());
 assertEquals(List.of(findingDocument1, findingDocument2, findingDocument3), findingDto.getDocuments());
 }
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
index 13231e732..c121233e2 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
@@ -83,7 +83,7 @@ public void testGetFindings_success() {
 "monitor_id1",
 "monitor_name1",
 "test_index1",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 Instant.now(),
 "1234"
 );
@@ -99,7 +99,7 @@ public void testGetFindings_success() {
 "monitor_id2",
 "monitor_name2",
 "test_index2",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 Instant.now(),
 "1234"
 );
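Review bot: Both FindingServiceTests hunks (`@@ -83` and `@@ -99`) now reference `Collections.emptyList()`, yet unlike FindingDtoTests this diff adds no `import java.util.Collections;` to that file; the change compiles only if the import already exists outside the shown hunks, which is worth confirming given that the sibling test needed it added in the `@@ -5` hunk. testGetFindings_success starts and ends outside both hunks, so the file's import block is not visible here.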