[Response Ops][Alerting] Removing diagnostic logging for ES query rule (
ymao1 authored and CAWilson94 committed Dec 12, 2024
1 parent 1e93341 commit 14fc0f9
Showing 5 changed files with 2 additions and 374 deletions.
Expand Up @@ -890,282 +890,6 @@ describe('es_query executor', () => {
expect(mockSetLimitReached).toHaveBeenCalledTimes(1);
expect(mockSetLimitReached).toHaveBeenCalledWith(false);
});

it('should log messages for hits with out-of-range dates for search source', async () => {
const epoch = Date.now();
const oneYear = 1000 * 60 * 60 * 24 * 365;
const dateEarly = new Date(epoch - oneYear).toISOString();
const dateStart = new Date(epoch - 1000).toISOString();
const dateMiddle = new Date(epoch - 500).toISOString();
const dateEnd = new Date(epoch).toISOString();
const dateLate = new Date(epoch + oneYear).toISOString();

function getTimeRange() {
return { dateStart, dateEnd };
}

mockFetchSearchSourceQuery.mockResolvedValueOnce({
parsedResults: {
results: [
{
group: 'all documents',
count: 3,
hits: [
{ _source: { '@timestamp': dateEarly, value: 1 } },
{ _source: { '@timestamp': dateMiddle, value: 2 } },
{ _source: { '@timestamp': dateLate, value: 3 } },
],
},
],
},
truncated: false,
query: 'the query would go here',
});

const executorOptions: ExecutorOptions<EsQueryRuleParams> = {
...defaultExecutorOptions,
getTimeRange,
params: {
...defaultProps,
searchType: 'searchSource',
timeField: '@timestamp',
},
};
await executor(coreMock, executorOptions);

const allLogCalls = loggerMock.collect(logger);
const messages: string[] = [];
for (const parms of allLogCalls.error) {
const message = parms.shift();
messages.push(`${message}`);
}

expect(messages).toEqual([
`For rule 'test-rule-id', the hit with date '${dateEarly}' from field '@timestamp' is outside the query time range. Query: <\"the query would go here\">. Document: <{\"_source\":{\"@timestamp\":\"${dateEarly}\",\"value\":1}}>`,
`For rule 'test-rule-id', the hit with date '${dateLate}' from field '@timestamp' is outside the query time range. Query: <\"the query would go here\">. Document: <{\"_source\":{\"@timestamp\":\"${dateLate}\",\"value\":3}}>`,
]);
expect(allLogCalls).toMatchInlineSnapshot(`
Object {
"debug": Array [],
"error": Array [
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
],
"fatal": Array [],
"info": Array [],
"log": Array [],
"trace": Array [],
"warn": Array [],
}
`);
});

it('should log messages for bad start / end dates for search source', async () => {
function getTimeRange() {
return { dateStart: 'x', dateEnd: 'y' };
}

mockFetchSearchSourceQuery.mockResolvedValueOnce({
parsedResults: {
results: [
{
group: 'all documents',
count: 1,
hits: [{ _source: { '@timestamp': new Date().toISOString() } }],
},
],
},
truncated: false,
query: 'the query would go here',
});

const executorOptions: ExecutorOptions<EsQueryRuleParams> = {
...defaultExecutorOptions,
getTimeRange,
params: {
...defaultProps,
searchType: 'searchSource',
timeField: '@timestamp',
},
};
await executor(coreMock, executorOptions);

const allLogCalls = loggerMock.collect(logger);
const messages: string[] = [];
for (const parms of allLogCalls.error) {
const message = parms.shift();
messages.push(`${message}`);
}

expect(messages).toEqual([
`For rule 'test-rule-id', hits were returned with invalid time range start date 'x' from field '@timestamp' using query <"the query would go here">`,
`For rule 'test-rule-id', hits were returned with invalid time range end date 'y' from field '@timestamp' using query <"the query would go here">`,
]);
expect(allLogCalls.error).toMatchInlineSnapshot(`
Array [
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
]
`);
});

it('should log messages for hits with out-of-range dates for query dsl', async () => {
const epoch = Date.now();
const oneYear = 1000 * 60 * 60 * 24 * 365;
const dateEarly = new Date(epoch - oneYear).toISOString();
const dateStart = new Date(epoch - 1000).toISOString();
const dateMiddle = new Date(epoch - 500).toISOString();
const dateEnd = new Date(epoch).toISOString();
const dateLate = new Date(epoch + oneYear).toISOString();

function getTimeRange() {
return { dateStart, dateEnd };
}

mockFetchEsQuery.mockResolvedValueOnce({
parsedResults: {
results: [
{
group: 'all documents',
count: 3,
hits: [
{ _source: { '@timestamp': dateEarly, value: 1 } },
{ _source: { '@timestamp': dateMiddle, value: 2 } },
{ _source: { '@timestamp': dateLate, value: 3 } },
],
},
],
},
truncated: false,
query: 'the query would go here',
});

const executorOptions: ExecutorOptions<EsQueryRuleParams> = {
...defaultExecutorOptions,
getTimeRange,
params: {
...defaultProps,
searchType: 'esQuery',
timeField: '@timestamp',
},
};
await executor(coreMock, executorOptions);

const allLogCalls = loggerMock.collect(logger);
const messages: string[] = [];
for (const parms of allLogCalls.error) {
const message = parms.shift();
messages.push(`${message}`);
}

expect(messages).toEqual([
`For rule 'test-rule-id', the hit with date '${dateEarly}' from field '@timestamp' is outside the query time range. Query: <\"the query would go here\">. Document: <{\"_source\":{\"@timestamp\":\"${dateEarly}\",\"value\":1}}>`,
`For rule 'test-rule-id', the hit with date '${dateLate}' from field '@timestamp' is outside the query time range. Query: <\"the query would go here\">. Document: <{\"_source\":{\"@timestamp\":\"${dateLate}\",\"value\":3}}>`,
]);
expect(allLogCalls.error).toMatchInlineSnapshot(`
Array [
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
]
`);
});

it('should log messages for bad start / end dates for query dsl', async () => {
function getTimeRange() {
return { dateStart: 'x', dateEnd: 'y' };
}

mockFetchEsQuery.mockResolvedValueOnce({
parsedResults: {
results: [
{
group: 'all documents',
count: 1,
hits: [{ _source: { '@timestamp': new Date().toISOString() } }],
},
],
},
truncated: false,
query: 'the query would go here',
});

const executorOptions: ExecutorOptions<EsQueryRuleParams> = {
...defaultExecutorOptions,
getTimeRange,
params: {
...defaultProps,
searchType: 'esQuery',
timeField: '@timestamp',
},
};
await executor(coreMock, executorOptions);

const allLogCalls = loggerMock.collect(logger);
const messages: string[] = [];
for (const parms of allLogCalls.error) {
const message = parms.shift();
messages.push(`${message}`);
}

expect(messages).toEqual([
`For rule 'test-rule-id', hits were returned with invalid time range start date 'x' from field '@timestamp' using query <"the query would go here">`,
`For rule 'test-rule-id', hits were returned with invalid time range end date 'y' from field '@timestamp' using query <"the query would go here">`,
]);
expect(allLogCalls.error).toMatchInlineSnapshot(`
Array [
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
Array [
Object {
"tags": Array [
"query-result-out-of-time-range",
],
},
],
]
`);
});
});

describe('tryToParseAsDate', () => {