fixes
vitaliidm committed Jan 24, 2024
1 parent df605ca commit bacdce1
Showing 5 changed files with 114 additions and 74 deletions.
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/

import sortBy from 'lodash/sortBy';
import dateMath from '@elastic/datemath';
import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import { RuleExecutorOptions } from '@kbn/alerting-plugin/server';
Expand All @@ -17,6 +18,7 @@ import {
ALERT_START,
ALERT_SUPPRESSION_DOCS_COUNT,
ALERT_SUPPRESSION_END,
ALERT_SUPPRESSION_START,
ALERT_UUID,
ALERT_WORKFLOW_STATUS,
TIMESTAMP,
Expand Down Expand Up @@ -117,7 +119,12 @@ const filterDuplicateAlerts = async <T extends { _id: string }>({
* suppress alerts by ALERT_INSTANCE_ID in memory
*/
const suppressAlertsInMemory = <
T extends { [ALERT_SUPPRESSION_DOCS_COUNT]: number; [ALERT_INSTANCE_ID]: string },
T extends {
[ALERT_SUPPRESSION_DOCS_COUNT]: number;
[ALERT_INSTANCE_ID]: string;
[ALERT_SUPPRESSION_START]: Date;
[ALERT_SUPPRESSION_END]: Date;
},
A extends {
_id: string;
_source: T;
Expand All @@ -128,26 +135,36 @@ const suppressAlertsInMemory = <
alertCandidates: A[];
suppressedAlerts: A[];
} => {
const idsMap: Record<string, number> = {};
const idsMap: Record<string, { count: number; suppressionEnd: Date }> = {};
const suppressedAlerts: A[] = [];
const filteredAlerts = alerts.filter((alert) => {
const instanceId = alert._source[ALERT_INSTANCE_ID];
const suppressionDocsCount = alert._source[ALERT_SUPPRESSION_DOCS_COUNT];

if (instanceId && idsMap[instanceId] != null) {
idsMap[instanceId] += suppressionDocsCount + 1;
suppressedAlerts.push(alert);
return false;
} else {
idsMap[instanceId] = suppressionDocsCount;
return true;
}
}, []);
const filteredAlerts = sortBy(alerts, (alert) => alert._source[ALERT_SUPPRESSION_START]).filter(
(alert) => {
const instanceId = alert._source[ALERT_INSTANCE_ID];
const suppressionDocsCount = alert._source[ALERT_SUPPRESSION_DOCS_COUNT];
const suppressionEnd = alert._source[ALERT_SUPPRESSION_END];

if (instanceId && idsMap[instanceId] != null) {
idsMap[instanceId].count += suppressionDocsCount + 1;
// store the max value of suppression end boundary
if (suppressionEnd > idsMap[instanceId].suppressionEnd) {
idsMap[instanceId].suppressionEnd = suppressionEnd;
}
suppressedAlerts.push(alert);
return false;
} else {
idsMap[instanceId] = { count: suppressionDocsCount, suppressionEnd };
return true;
}
},
[]
);

const alertCandidates = filteredAlerts.map((alert) => {
const instanceId = alert._source[ALERT_INSTANCE_ID];
if (instanceId) {
alert._source[ALERT_SUPPRESSION_DOCS_COUNT] = idsMap[instanceId];
alert._source[ALERT_SUPPRESSION_DOCS_COUNT] = idsMap[instanceId].count;
alert._source[ALERT_SUPPRESSION_END] = idsMap[instanceId].suppressionEnd;
}
return alert;
});
Expand Down Expand Up @@ -391,23 +408,33 @@ export const createPersistenceRuleTypeWrapper: CreatePersistenceRuleTypeWrapper
existingAlertsByInstanceId[alert._source[ALERT_INSTANCE_ID]];
const existingDocsCount =
existingAlert._source?.[ALERT_SUPPRESSION_DOCS_COUNT] ?? 0;
return [
{
update: {
_id: existingAlert._id,
_index: existingAlert._index,
require_alias: false,

// do not count alerts that already were suppressed
if (
existingAlert._source?.[ALERT_SUPPRESSION_END] &&
existingAlert._source?.[ALERT_SUPPRESSION_END] <=
alert._source[ALERT_SUPPRESSION_END]
) {
return [];
} else {
return [
{
update: {
_id: existingAlert._id,
_index: existingAlert._index,
require_alias: false,
},
},
},
{
doc: {
[ALERT_LAST_DETECTED]: currentTimeOverride ?? new Date(),
[ALERT_SUPPRESSION_END]: alert._source[ALERT_SUPPRESSION_END],
[ALERT_SUPPRESSION_DOCS_COUNT]:
existingDocsCount + alert._source[ALERT_SUPPRESSION_DOCS_COUNT] + 1,
{
doc: {
[ALERT_LAST_DETECTED]: currentTimeOverride ?? new Date(),
[ALERT_SUPPRESSION_END]: alert._source[ALERT_SUPPRESSION_END],
[ALERT_SUPPRESSION_DOCS_COUNT]:
existingDocsCount + alert._source[ALERT_SUPPRESSION_DOCS_COUNT] + 1,
},
},
},
];
];
}
});

let enrichedAlerts = newAlerts;
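Review bot: The new guard under `// do not count alerts that already were suppressed` compares `existingAlert._source?.[ALERT_SUPPRESSION_END] <= alert._source[ALERT_SUPPRESSION_END]` with a raw relational operator, which looks fragile in two ways. The incoming value is typed as `Date` in `suppressAlertsInMemory`, while the existing one is read from a stored alert and is presumably an ISO string; `<=` between a string and a `Date` coerces both to numbers, the string becomes `NaN`, and the branch would never return `[]`. The direction also appears inverted against the comment: an incoming alert has already been counted when its suppression end is not later than the stored one, yet the update is skipped when the stored end is the earlier of the two. Normalising first, e.g. `const existingEnd = new Date(existingAlert._source?.[ALERT_SUPPRESSION_END] ?? 0).getTime();` followed by `if (existingEnd >= new Date(alert._source[ALERT_SUPPRESSION_END]).getTime()) return [];`, would make the check explicit so suppressed-detection counts are neither inflated on re-runs nor dropped. The enclosing callback starts outside the hunk, so the stored field's type should be confirmed there.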
Expand Up @@ -54,7 +54,7 @@ export type SuppressedAlertService = <T extends SuppressionFieldsLatest>(
currentTimeOverride?: Date
) => Promise<SuppressedAlertServiceResult<T>>;

interface SuppressedAlertServiceResult<T>
export interface SuppressedAlertServiceResult<T>
extends Omit<PersistenceAlertServiceResult<T>, 'alertsWereTruncated'> {
suppressedAlerts: Array<{ _id: string; _source: T }>;
}
Expand Up @@ -960,6 +960,7 @@ describe('utils', () => {
success: true,
warning: false,
warningMessages: [],
suppressedAlertsCount: 0,
};
expect(newSearchResult).toEqual(expected);
});
Expand All @@ -981,6 +982,7 @@ describe('utils', () => {
success: true,
warning: false,
warningMessages: [],
suppressedAlertsCount: 0,
};
expect(newSearchResult).toEqual(expected);
});
Expand Down Expand Up @@ -1300,6 +1302,7 @@ describe('utils', () => {
success: true,
warning: false,
warningMessages: [],
suppressedAlertsCount: 0,
};
expect(searchAfterReturnType).toEqual(expected);
});
Expand Down Expand Up @@ -1328,6 +1331,7 @@ describe('utils', () => {
success: false,
warning: true,
warningMessages: ['test warning'],
suppressedAlertsCount: 0,
};
expect(searchAfterReturnType).toEqual(expected);
});
Expand All @@ -1349,6 +1353,7 @@ describe('utils', () => {
success: true,
warning: false,
warningMessages: [],
suppressedAlertsCount: 0,
};
expect(searchAfterReturnType).toEqual(expected);
});
Expand All @@ -1368,6 +1373,7 @@ describe('utils', () => {
success: true,
warning: false,
warningMessages: [],
suppressedAlertsCount: 0,
};
expect(merged).toEqual(expected);
});
Expand Down Expand Up @@ -1449,6 +1455,7 @@ describe('utils', () => {
success: true, // Defaults to success true is all of it was successful
warning: true,
warningMessages: ['warning1', 'warning2'],
suppressedAlertsCount: 0,
};
expect(merged).toEqual(expected);
});
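Review bot: Every expectation added in this file pins `suppressedAlertsCount: 0`, including the two `merged` cases, so nothing here exercises how the new field is combined when the inputs carry non-zero counts. Assuming the merge helper sums the field, one case that merges results with counts 2 and 3 and asserts `suppressedAlertsCount: 5` would catch a regression that silently under-reports suppressed detections. The test bodies start outside these hunks, so an existing fixture may already allow this with a small change.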
Expand Up @@ -17,6 +17,7 @@ import {
ALERT_SUPPRESSION_END,
TIMESTAMP,
} from '@kbn/rule-data-utils';
import { ALERT_ORIGINAL_TIME } from '../../../../../common/field_maps/field_names';
import type { SignalSourceHit } from '../types';

import type {
Expand Down Expand Up @@ -92,8 +93,8 @@ export const wrapSuppressedAlerts = ({
id,
publicBaseUrl
);
// suppression start/end equals to alert timestamp, since we suppress alerts for rule type, not documents as for query rule type
const suppressionTime = new Date(baseAlert[TIMESTAMP]);

const suppressionTime = new Date(baseAlert[ALERT_ORIGINAL_TIME] ?? baseAlert[TIMESTAMP]);
return {
_id: id,
_index: '',
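Review bot: The line `const suppressionTime = new Date(baseAlert[ALERT_ORIGINAL_TIME] ?? baseAlert[TIMESTAMP]);` replaces the only comment that explained how the suppression boundary is chosen, and nothing documents the new preference or its fallback. If `ALERT_ORIGINAL_TIME` carries the source event's own timestamp (presumably, going by the field name), suppression start/end now follow event-supplied time rather than alert creation time, so a malformed value yields an `Invalid Date` and a skewed one shifts the window that later comparisons on `ALERT_SUPPRESSION_END` rely on. I would restore a comment such as `// suppression start/end follow the source event time when present, else the alert timestamp` and consider falling back to `baseAlert[TIMESTAMP]` when the parsed date is not finite. `wrapSuppressedAlerts` starts and ends outside this hunk.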