From 47c661f6439017d828bad21df708d874f293b317 Mon Sep 17 00:00:00 2001 From: Subhobrata Dey Date: Wed, 13 Nov 2024 23:05:23 +0000 Subject: [PATCH 1/5] add ignore_findings_and_alerts field to monitors Signed-off-by: Subhobrata Dey --- .../org/opensearch/commons/alerting/model/Monitor.kt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt index bccfccfe..3f341e37 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt @@ -43,6 +43,7 @@ data class Monitor( val uiMetadata: Map, val dataSources: DataSources = DataSources(), val deleteQueryIndexInEveryRun: Boolean? = false, + val ignoreFindingsAndAlerts: Boolean? = false, val owner: String? = "alerting" ) : ScheduledJob { @@ -112,6 +113,7 @@ data class Monitor( DataSources() }, deleteQueryIndexInEveryRun = sin.readOptionalBoolean(), + ignoreFindingsAndAlerts = sin.readOptionalBoolean(), owner = sin.readOptionalString() ) @@ -172,6 +174,7 @@ data class Monitor( if (uiMetadata.isNotEmpty()) builder.field(UI_METADATA_FIELD, uiMetadata) builder.field(DATA_SOURCES_FIELD, dataSources) builder.field(DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD, deleteQueryIndexInEveryRun) + builder.field(IGNORE_FINDINGS_AND_ALERTS_FIELD, ignoreFindingsAndAlerts) builder.field(OWNER_FIELD, owner) if (params.paramAsBoolean("with_type", false)) builder.endObject() return builder.endObject() @@ -224,6 +227,7 @@ data class Monitor( out.writeBoolean(dataSources != null) // for backward compatibility with pre-existing monitors which don't have datasources field dataSources.writeTo(out) out.writeOptionalBoolean(deleteQueryIndexInEveryRun) + out.writeOptionalBoolean(ignoreFindingsAndAlerts) out.writeOptionalString(owner) } @@ -245,6 +249,7 @@ data class Monitor( const val DATA_SOURCES_FIELD = "data_sources" const val ENABLED_TIME_FIELD = "enabled_time" const val DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD = "delete_query_index_in_every_run" + const val IGNORE_FINDINGS_AND_ALERTS_FIELD = "ignore_findings_and_alerts" const val OWNER_FIELD = "owner" val MONITOR_TYPE_PATTERN = Pattern.compile("[a-zA-Z0-9_]{5,25}") @@ -274,6 +279,7 @@ data class Monitor( val inputs: MutableList = mutableListOf() var dataSources = DataSources() var deleteQueryIndexInEveryRun = false + var delegateMonitor = false var owner = "alerting" XContentParserUtils.ensureExpectedToken(XContentParser.Token.START_OBJECT, xcp.currentToken(), xcp) @@ -332,6 +338,11 @@ data class Monitor( } else { xcp.booleanValue() } + IGNORE_FINDINGS_AND_ALERTS_FIELD -> delegateMonitor = if (xcp.currentToken() == XContentParser.Token.VALUE_NULL) { + delegateMonitor + } else { + xcp.booleanValue() + } OWNER_FIELD -> owner = if (xcp.currentToken() == XContentParser.Token.VALUE_NULL) owner else xcp.text() else -> { xcp.skipChildren() @@ -360,6 +371,7 @@ data class Monitor( uiMetadata, dataSources, deleteQueryIndexInEveryRun, + delegateMonitor, owner ) } From 96f27c451756fd506d598220768ec4e9bb943050 Mon Sep 17 00:00:00 2001 From: Subhobrata Dey Date: Tue, 26 Nov 2024 22:26:22 +0000 Subject: [PATCH 2/5] update code review comments Signed-off-by: Subhobrata Dey --- .../commons/alerting/model/IndexExecutionContext.kt | 8 ++++++-- .../org/opensearch/commons/alerting/model/Monitor.kt | 8 ++++---- .../commons/alerting/model/WorkflowRunContext.kt | 7 ++++--- .../alerting/action/DocLevelMonitorFanOutRequestTests.kt | 2 +- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/IndexExecutionContext.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/IndexExecutionContext.kt index 8872b525..4ecf1e67 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/IndexExecutionContext.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/IndexExecutionContext.kt @@ -21,7 +21,8 @@ data class IndexExecutionContext( val updatedIndexNames: List, val concreteIndexNames: List, val conflictingFields: List, - val docIds: List? = emptyList() + val docIds: List? = emptyList(), + val findingIds: List? = emptyList() ) : Writeable, ToXContent { @Throws(IOException::class) @@ -34,7 +35,8 @@ data class IndexExecutionContext( updatedIndexNames = sin.readStringList(), concreteIndexNames = sin.readStringList(), conflictingFields = sin.readStringList(), - docIds = sin.readOptionalStringList() + docIds = sin.readOptionalStringList(), + findingIds = sin.readOptionalStringList() ) override fun writeTo(out: StreamOutput?) { @@ -47,6 +49,7 @@ data class IndexExecutionContext( out.writeStringCollection(concreteIndexNames) out.writeStringCollection(conflictingFields) out.writeOptionalStringCollection(docIds) + out.writeOptionalStringCollection(findingIds) } override fun toXContent(builder: XContentBuilder?, params: ToXContent.Params?): XContentBuilder { @@ -60,6 +63,7 @@ data class IndexExecutionContext( .field("concrete_index_names", concreteIndexNames) .field("conflicting_fields", conflictingFields) .field("doc_ids", docIds) + .field("finding_ids", findingIds) .endObject() return builder } diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt index 3f341e37..cd9211b6 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt @@ -43,7 +43,7 @@ data class Monitor( val uiMetadata: Map, val dataSources: DataSources = DataSources(), val deleteQueryIndexInEveryRun: Boolean? = false, - val ignoreFindingsAndAlerts: Boolean? = false, + val shouldPersistFindingsAndAlerts: Boolean? = false, val owner: String? = "alerting" ) : ScheduledJob { @@ -113,7 +113,7 @@ data class Monitor( DataSources() }, deleteQueryIndexInEveryRun = sin.readOptionalBoolean(), - ignoreFindingsAndAlerts = sin.readOptionalBoolean(), + shouldPersistFindingsAndAlerts = sin.readOptionalBoolean(), owner = sin.readOptionalString() ) @@ -174,7 +174,7 @@ data class Monitor( if (uiMetadata.isNotEmpty()) builder.field(UI_METADATA_FIELD, uiMetadata) builder.field(DATA_SOURCES_FIELD, dataSources) builder.field(DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD, deleteQueryIndexInEveryRun) - builder.field(IGNORE_FINDINGS_AND_ALERTS_FIELD, ignoreFindingsAndAlerts) + builder.field(IGNORE_FINDINGS_AND_ALERTS_FIELD, shouldPersistFindingsAndAlerts) builder.field(OWNER_FIELD, owner) if (params.paramAsBoolean("with_type", false)) builder.endObject() return builder.endObject() @@ -227,7 +227,7 @@ data class Monitor( out.writeBoolean(dataSources != null) // for backward compatibility with pre-existing monitors which don't have datasources field dataSources.writeTo(out) out.writeOptionalBoolean(deleteQueryIndexInEveryRun) - out.writeOptionalBoolean(ignoreFindingsAndAlerts) + out.writeOptionalBoolean(shouldPersistFindingsAndAlerts) out.writeOptionalString(owner) } diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt index d478315e..7831c417 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt @@ -17,7 +17,7 @@ data class WorkflowRunContext( val workflowId: String, val workflowMetadataId: String, val chainedMonitorId: String?, - val matchingDocIdsPerIndex: Map>, + val matchingDocIdsPerIndex: Pair>, List>, val auditDelegateMonitorAlerts: Boolean ) : Writeable, ToXContentObject { companion object { @@ -30,7 +30,7 @@ data class WorkflowRunContext( sin.readString(), sin.readString(), sin.readOptionalString(), - sin.readMap() as Map>, + Pair(sin.readMap() as Map>, sin.readStringList()), sin.readBoolean() ) @@ -38,7 +38,8 @@ data class WorkflowRunContext( out.writeString(workflowId) out.writeString(workflowMetadataId) out.writeOptionalString(chainedMonitorId) - out.writeMap(matchingDocIdsPerIndex) + out.writeMap(matchingDocIdsPerIndex.first) + out.writeStringCollection(matchingDocIdsPerIndex.second) out.writeBoolean(auditDelegateMonitorAlerts) } diff --git a/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt b/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt index dda45483..bc2ca985 100644 --- a/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt +++ b/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt @@ -65,7 +65,7 @@ class DocLevelMonitorFanOutRequestTests { Workflow.NO_ID, Workflow.NO_ID, Monitor.NO_ID, - mutableMapOf("index" to listOf("1")), + Pair(mutableMapOf("index" to listOf("1")), listOf("finding1")), true ) val docLevelMonitorFanOutRequest = DocLevelMonitorFanOutRequest( From 4531e759029b11f73af6b4f0cb035706f8cf91ed Mon Sep 17 00:00:00 2001 From: Subhobrata Dey Date: Tue, 26 Nov 2024 22:36:31 +0000 Subject: [PATCH 3/5] update fixes Signed-off-by: Subhobrata Dey --- .../kotlin/org/opensearch/commons/alerting/model/Monitor.kt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt index cd9211b6..b7b5e95d 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt @@ -174,7 +174,7 @@ data class Monitor( if (uiMetadata.isNotEmpty()) builder.field(UI_METADATA_FIELD, uiMetadata) builder.field(DATA_SOURCES_FIELD, dataSources) builder.field(DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD, deleteQueryIndexInEveryRun) - builder.field(IGNORE_FINDINGS_AND_ALERTS_FIELD, shouldPersistFindingsAndAlerts) + builder.field(SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD, shouldPersistFindingsAndAlerts) builder.field(OWNER_FIELD, owner) if (params.paramAsBoolean("with_type", false)) builder.endObject() return builder.endObject() @@ -249,7 +249,7 @@ data class Monitor( const val DATA_SOURCES_FIELD = "data_sources" const val ENABLED_TIME_FIELD = "enabled_time" const val DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD = "delete_query_index_in_every_run" - const val IGNORE_FINDINGS_AND_ALERTS_FIELD = "ignore_findings_and_alerts" + const val SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD = "should_persist_findings_and_alerts" const val OWNER_FIELD = "owner" val MONITOR_TYPE_PATTERN = Pattern.compile("[a-zA-Z0-9_]{5,25}") @@ -338,7 +338,7 @@ data class Monitor( } else { xcp.booleanValue() } - IGNORE_FINDINGS_AND_ALERTS_FIELD -> delegateMonitor = if (xcp.currentToken() == XContentParser.Token.VALUE_NULL) { + SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD -> delegateMonitor = if (xcp.currentToken() == XContentParser.Token.VALUE_NULL) { delegateMonitor } else { xcp.booleanValue() From bdd83966ed68bc96d9083a9cb6e7af5686b22a41 Mon Sep 17 00:00:00 2001 From: Subhobrata Dey Date: Thu, 5 Dec 2024 21:05:25 +0000 Subject: [PATCH 4/5] address review comments Signed-off-by: Subhobrata Dey --- .../commons/alerting/model/Monitor.kt | 8 +-- .../alerting/model/WorkflowRunContext.kt | 15 +++-- .../DocLevelMonitorFanOutRequestTests.kt | 64 ++++++++++++++++++- 3 files changed, 76 insertions(+), 11 deletions(-) diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt index b7b5e95d..96bbf519 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt @@ -43,7 +43,7 @@ data class Monitor( val uiMetadata: Map, val dataSources: DataSources = DataSources(), val deleteQueryIndexInEveryRun: Boolean? = false, - val shouldPersistFindingsAndAlerts: Boolean? = false, + val shouldCreateSingleAlertForFindings: Boolean? = false, val owner: String? = "alerting" ) : ScheduledJob { @@ -113,7 +113,7 @@ data class Monitor( DataSources() }, deleteQueryIndexInEveryRun = sin.readOptionalBoolean(), - shouldPersistFindingsAndAlerts = sin.readOptionalBoolean(), + shouldCreateSingleAlertForFindings = sin.readOptionalBoolean(), owner = sin.readOptionalString() ) @@ -174,7 +174,7 @@ data class Monitor( if (uiMetadata.isNotEmpty()) builder.field(UI_METADATA_FIELD, uiMetadata) builder.field(DATA_SOURCES_FIELD, dataSources) builder.field(DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD, deleteQueryIndexInEveryRun) - builder.field(SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD, shouldPersistFindingsAndAlerts) + builder.field(SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD, shouldCreateSingleAlertForFindings) builder.field(OWNER_FIELD, owner) if (params.paramAsBoolean("with_type", false)) builder.endObject() return builder.endObject() @@ -227,7 +227,7 @@ data class Monitor( out.writeBoolean(dataSources != null) // for backward compatibility with pre-existing monitors which don't have datasources field dataSources.writeTo(out) out.writeOptionalBoolean(deleteQueryIndexInEveryRun) - out.writeOptionalBoolean(shouldPersistFindingsAndAlerts) + out.writeOptionalBoolean(shouldCreateSingleAlertForFindings) out.writeOptionalString(owner) } diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt index 7831c417..5d3cd7c1 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/WorkflowRunContext.kt @@ -17,8 +17,9 @@ data class WorkflowRunContext( val workflowId: String, val workflowMetadataId: String, val chainedMonitorId: String?, - val matchingDocIdsPerIndex: Pair>, List>, - val auditDelegateMonitorAlerts: Boolean + val matchingDocIdsPerIndex: Map>, + val auditDelegateMonitorAlerts: Boolean, + val findingIds: List? = null ) : Writeable, ToXContentObject { companion object { fun readFrom(sin: StreamInput): WorkflowRunContext { @@ -30,17 +31,18 @@ data class WorkflowRunContext( sin.readString(), sin.readString(), sin.readOptionalString(), - Pair(sin.readMap() as Map>, sin.readStringList()), - sin.readBoolean() + sin.readMap() as Map>, + sin.readBoolean(), + sin.readOptionalStringList() ) override fun writeTo(out: StreamOutput) { out.writeString(workflowId) out.writeString(workflowMetadataId) out.writeOptionalString(chainedMonitorId) - out.writeMap(matchingDocIdsPerIndex.first) - out.writeStringCollection(matchingDocIdsPerIndex.second) + out.writeMap(matchingDocIdsPerIndex) out.writeBoolean(auditDelegateMonitorAlerts) + out.writeOptionalStringCollection(findingIds) } override fun toXContent(builder: XContentBuilder, params: ToXContent.Params?): XContentBuilder { @@ -50,6 +52,7 @@ data class WorkflowRunContext( .field("chained_monitor_id", chainedMonitorId) .field("matching_doc_ids_per_index", matchingDocIdsPerIndex) .field("audit_delegate_monitor_alerts", auditDelegateMonitorAlerts) + .field("finding_ids", findingIds) .endObject() return builder } diff --git a/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt b/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt index bc2ca985..1ef82f18 100644 --- a/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt +++ b/src/test/kotlin/org/opensearch/commons/alerting/action/DocLevelMonitorFanOutRequestTests.kt @@ -65,7 +65,7 @@ class DocLevelMonitorFanOutRequestTests { Workflow.NO_ID, Workflow.NO_ID, Monitor.NO_ID, - Pair(mutableMapOf("index" to listOf("1")), listOf("finding1")), + mutableMapOf("index" to listOf("1")), true ) val docLevelMonitorFanOutRequest = DocLevelMonitorFanOutRequest( @@ -89,4 +89,66 @@ class DocLevelMonitorFanOutRequestTests { assertEquals(docLevelMonitorFanOutRequest.shardIds, newDocLevelMonitorFanOutRequest.shardIds) assertEquals(docLevelMonitorFanOutRequest.workflowRunContext, newDocLevelMonitorFanOutRequest.workflowRunContext) } + + @Test + fun `test doc level monitor fan out request as stream with matching docIds with findings per index`() { + val docQuery = DocLevelQuery(query = "test_field:\"us-west-2\"", fields = listOf(), name = "3") + val docLevelInput = DocLevelMonitorInput("description", listOf("test-index"), listOf(docQuery)) + + val trigger = randomDocumentLevelTrigger(condition = Script("return true")) + val monitor = randomDocumentLevelMonitor( + inputs = listOf(docLevelInput), + triggers = listOf(trigger), + enabled = true, + schedule = IntervalSchedule(1, ChronoUnit.MINUTES) + ) + val monitorMetadata = MonitorMetadata( + "test", + SequenceNumbers.UNASSIGNED_SEQ_NO, + SequenceNumbers.UNASSIGNED_PRIMARY_TERM, + Monitor.NO_ID, + listOf(ActionExecutionTime("", Instant.now())), + mutableMapOf("index" to mutableMapOf("1" to "1")), + mutableMapOf("test-index" to ".opensearch-sap-test_windows-queries-000001") + ) + val indexExecutionContext = IndexExecutionContext( + listOf(docQuery), + mutableMapOf("index" to mutableMapOf("1" to "1")), + mutableMapOf("index" to mutableMapOf("1" to "1")), + "test-index", + "test-index", + listOf("test-index"), + listOf("test-index"), + listOf("test-field"), + listOf("1", "2") + ) + val workflowRunContext = WorkflowRunContext( + Workflow.NO_ID, + Workflow.NO_ID, + Monitor.NO_ID, + mutableMapOf("index" to listOf("1")), + true, + listOf("finding1") + ) + val docLevelMonitorFanOutRequest = DocLevelMonitorFanOutRequest( + monitor, + false, + monitorMetadata, + UUID.randomUUID().toString(), + indexExecutionContext, + listOf(ShardId("test-index", UUID.randomUUID().toString(), 0)), + listOf("test-index"), + workflowRunContext + ) + val out = BytesStreamOutput() + docLevelMonitorFanOutRequest.writeTo(out) + val sin = StreamInput.wrap(out.bytes().toBytesRef().bytes) + val newDocLevelMonitorFanOutRequest = DocLevelMonitorFanOutRequest(sin) + assertEquals(docLevelMonitorFanOutRequest.monitor, newDocLevelMonitorFanOutRequest.monitor) + assertEquals(docLevelMonitorFanOutRequest.executionId, newDocLevelMonitorFanOutRequest.executionId) + assertEquals(docLevelMonitorFanOutRequest.monitorMetadata, newDocLevelMonitorFanOutRequest.monitorMetadata) + assertEquals(docLevelMonitorFanOutRequest.indexExecutionContext, newDocLevelMonitorFanOutRequest.indexExecutionContext) + assertEquals(docLevelMonitorFanOutRequest.shardIds, newDocLevelMonitorFanOutRequest.shardIds) + assertEquals(docLevelMonitorFanOutRequest.workflowRunContext, newDocLevelMonitorFanOutRequest.workflowRunContext) + } } From 53b167aef0aef74dbb4a0dbce38c263b7e225235 Mon Sep 17 00:00:00 2001 From: Subhobrata Dey Date: Thu, 5 Dec 2024 21:20:53 +0000 Subject: [PATCH 5/5] address review comments Signed-off-by: Subhobrata Dey --- .../kotlin/org/opensearch/commons/alerting/model/Monitor.kt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt index 96bbf519..a0a5ed5b 100644 --- a/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt +++ b/src/main/kotlin/org/opensearch/commons/alerting/model/Monitor.kt @@ -174,7 +174,7 @@ data class Monitor( if (uiMetadata.isNotEmpty()) builder.field(UI_METADATA_FIELD, uiMetadata) builder.field(DATA_SOURCES_FIELD, dataSources) builder.field(DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD, deleteQueryIndexInEveryRun) - builder.field(SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD, shouldCreateSingleAlertForFindings) + builder.field(SHOULD_CREATE_SINGLE_ALERT_FOR_FINDINGS_FIELD, shouldCreateSingleAlertForFindings) builder.field(OWNER_FIELD, owner) if (params.paramAsBoolean("with_type", false)) builder.endObject() return builder.endObject() @@ -249,7 +249,7 @@ data class Monitor( const val DATA_SOURCES_FIELD = "data_sources" const val ENABLED_TIME_FIELD = "enabled_time" const val DELETE_QUERY_INDEX_IN_EVERY_RUN_FIELD = "delete_query_index_in_every_run" - const val SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD = "should_persist_findings_and_alerts" + const val SHOULD_CREATE_SINGLE_ALERT_FOR_FINDINGS_FIELD = "should_create_single_alert_for_findings" const val OWNER_FIELD = "owner" val MONITOR_TYPE_PATTERN = Pattern.compile("[a-zA-Z0-9_]{5,25}") @@ -338,7 +338,7 @@ data class Monitor( } else { xcp.booleanValue() } - SHOULD_PERSIST_FINDINGS_AND_ALERTS_FIELD -> delegateMonitor = if (xcp.currentToken() == XContentParser.Token.VALUE_NULL) { + SHOULD_CREATE_SINGLE_ALERT_FOR_FINDINGS_FIELD -> delegateMonitor = if (xcp.currentToken() == XContentParser.Token.VALUE_NULL) { delegateMonitor } else { xcp.booleanValue()