initial commit for remote monitor support #1547
Signed-off-by: Subhobrata Dey <[email protected]>
} | ||
|
||
@Override | ||
public String getMonitorType() { |
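Review bot: getMonitorType() in this override returns a bare String with no stated contract. Document in the extension interface that the value must be non-empty, stable across plugin versions and distinct from the built-in monitor types, so a plugin cannot accidentally register a type name the core plugin already handles.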
plugins should be allowed to add multiple types of monitors.
SAP itself probably will implement
- threat intel ioc scan monitor
- ueba monitor
- rules monitor
- bucket level monitor with findings and pipeline aggs
Can we please add the skeleton for a fan-out and monitor metadata capabilities of doc level monitor?
also how to define new triggers? triggers seem tightly coupled with the existing definitions.
@@ -3,6 +3,7 @@ | |||
* SPDX-License-Identifier: Apache-2.0 | |||
*/ | |||
|
|||
import com.github.jengelman.gradle.plugins.shadow.ShadowPlugin |
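Review bot: the added import of com.github.jengelman.gradle.plugins.shadow.ShadowPlugin pulls a third-party Gradle plugin into the build, and the visible lines do not show where its version is declared. Pin it to an exact version in the buildscript classpath and add a one-line comment saying which artifact needs shading, so the build input is reproducible and the reason for the dependency is recorded.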
is this the same dependency used by jobscheduler or notification for shadow plugin?
yes.
8317f29 to abcc7ce
@@ -185,10 +187,16 @@ object MonitorMetadataService : | |||
|
|||
suspend fun recreateRunContext(metadata: MonitorMetadata, monitor: Monitor): MonitorMetadata { | |||
try { | |||
val monitorIndex = if (monitor.monitorType == Monitor.MonitorType.DOC_LEVEL_MONITOR) | |||
val monitorIndex = if ( | |||
monitor.isMonitorOfStandardType() && |
why not just check string value is doc level monitor?
just want to use a single string constant, so just reusing the enum value.
(monitor.inputs[0] as DocLevelMonitorInput).indices[0] | ||
else null | ||
val runContext = if (monitor.monitorType == Monitor.MonitorType.DOC_LEVEL_MONITOR && createWithRunContext) | ||
val runContext = if ( | ||
monitor.isMonitorOfStandardType() && |
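Review bot: the unchecked cast at (monitor.inputs[0] as DocLevelMonitorInput).indices[0] can throw once the guard above it is no longer the exact DOC_LEVEL_MONITOR comparison. If the new multi-line condition ever admits a monitor whose first input is another type, or whose inputs or indices list is empty, recreateRunContext throws a ClassCastException or IndexOutOfBoundsException; use a safe cast (as?) with an emptiness check and fall through to the existing else null branch when it does not match.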
extract into method - isDocLevelMonitor()
|
||
import org.opensearch.alerting.spi.RemoteMonitorRunner | ||
|
||
class RemoteMonitorRegistry(val monitorType: String, val monitorRunner: RemoteMonitorRunner) |
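Review bot: RemoteMonitorRegistry accepts any monitorType string in its constructor with no validation. Add a require(monitorType.isNotBlank()) check and reject values equal to a built-in Monitor.MonitorType value, so a malformed or colliding type is refused when the plugin registers rather than discovered when a monitor runs.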
java docs
ok updated it.
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
@@ -185,10 +185,10 @@ object MonitorMetadataService : | |||
|
|||
suspend fun recreateRunContext(metadata: MonitorMetadata, monitor: Monitor): MonitorMetadata { | |||
try { | |||
val monitorIndex = if (monitor.monitorType == Monitor.MonitorType.DOC_LEVEL_MONITOR) | |||
val monitorIndex = if (monitor.monitorType.endsWith(Monitor.MonitorType.DOC_LEVEL_MONITOR.value)) |
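Review bot: monitor.monitorType.endsWith(Monitor.MonitorType.DOC_LEVEL_MONITOR.value) is a suffix match on a string that a plugin supplies, so any remote type whose name happens to end with the doc-level value is routed down the doc-level path whether or not its inputs are DocLevelMonitorInput. Compare against an exact value, or against an explicit capability the plugin declares, instead of inferring behaviour from the name.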
can we just have a separate flag instead of depending on name
check can be monitor.monitorType == Monitor.MonitorType.DOC_LEVEL_MONITOR || "use_doc_level_feature_bool" == true ?
@@ -400,7 +402,9 @@ class TransportIndexWorkflowAction @Inject constructor( | |||
log.warn("Metadata doc id:${monitorMetadata.id} exists, but it shouldn't!") | |||
} | |||
|
|||
if (monitor.monitorType == Monitor.MonitorType.DOC_LEVEL_MONITOR) { | |||
if ( |
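Review bot: the doc-level check at the new if ( in TransportIndexWorkflowAction should call one shared helper rather than restate the condition. The same comparison is rewritten separately in MonitorMetadataService.recreateRunContext, and two copies of a type check that decides which metadata path runs can drift apart.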
can workflow add any kind of remote monitor?
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
how will index validate mapping of the custom trigger and custom input
how will serialization work for custom trigger and custom input
Signed-off-by: Subhobrata Dey <[email protected]>
here is an example how to define our own inputs & triggers in remote monitors. there are more complex examples in the sample plugin e.g. using nested objects.
@@ -240,6 +241,7 @@ internal class AlertingPlugin : PainlessExtension, ActionPlugin, ScriptPlugin, R | |||
ClusterMetricsInput.XCONTENT_REGISTRY, | |||
DocumentLevelTrigger.XCONTENT_REGISTRY, | |||
ChainedAlertTrigger.XCONTENT_REGISTRY, | |||
RemoteMonitorTrigger.XCONTENT_REGISTRY, |
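Review bot: RemoteMonitorTrigger.XCONTENT_REGISTRY is added to the named xcontent list with no serialization test visible alongside it. Add a round-trip test that serializes a RemoteMonitorTrigger and parses it back through this registry, plus one with a malformed body, so an unparseable plugin-defined trigger is rejected at index time rather than at monitor execution.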
do we also need RemoteMonitorInput xcontent registry?
if yes, can you add appropriate tests to serialize
we don't need RemoteMonitorInput because in common-utils Input.parse doesn't use it. https://github.com/opensearch-project/common-utils/blob/main/src/main/kotlin/org/opensearch/commons/alerting/model/Input.kt#L30
however, in Trigger.parse it is used. https://github.com/opensearch-project/common-utils/blob/main/src/main/kotlin/org/opensearch/commons/alerting/model/Trigger.kt#L41
can you check xcontent registry
Signed-off-by: Subhobrata Dey <[email protected]>
responded here. #1547 (comment)
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
all builds pass. merging pr.
Signed-off-by: Subhobrata Dey <[email protected]>
Issue #, if available:
#1546
Description of changes:
CheckList:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.