Add flapping state object and interface in AAD index and Event Log (#…
…143920)

* move flapping to kibana.alerting in event log

* move flapping back to under kibana.alert. Add integration tests

* add default flapping state to alert logs
ersin-erdal authored Nov 7, 2022
1 parent 5e79898 commit c5bcfd6
Showing 25 changed files with 192 additions and 30 deletions.
3 changes: 3 additions & 0 deletions packages/kbn-rule-data-utils/src/technical_field_names.ts
Expand Up @@ -30,6 +30,7 @@ const ALERT_DURATION = `${ALERT_NAMESPACE}.duration.us` as const;
const ALERT_END = `${ALERT_NAMESPACE}.end` as const;
const ALERT_EVALUATION_THRESHOLD = `${ALERT_NAMESPACE}.evaluation.threshold` as const;
const ALERT_EVALUATION_VALUE = `${ALERT_NAMESPACE}.evaluation.value` as const;
const ALERT_FLAPPING = `${ALERT_NAMESPACE}.flapping` as const;
const ALERT_INSTANCE_ID = `${ALERT_NAMESPACE}.instance.id` as const;
const ALERT_REASON = `${ALERT_NAMESPACE}.reason` as const;
const ALERT_RISK_SCORE = `${ALERT_NAMESPACE}.risk_score` as const;
Expand Down Expand Up @@ -115,6 +116,7 @@ const fields = {
ALERT_END,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
ALERT_FLAPPING,
ALERT_INSTANCE_ID,
ALERT_RULE_CONSUMER,
ALERT_RULE_PRODUCER,
Expand Down Expand Up @@ -176,6 +178,7 @@ export {
ALERT_END,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
ALERT_FLAPPING,
ALERT_INSTANCE_ID,
ALERT_NAMESPACE,
ALERT_RULE_NAMESPACE,
1 change: 1 addition & 0 deletions x-pack/plugins/alerting/common/alert_summary.ts
Expand Up @@ -36,4 +36,5 @@ export interface AlertStatus {
muted: boolean;
actionGroupId?: string;
activeStartDate?: string;
flapping: boolean;
}
Original file line number Diff line number Diff line change
Expand Up @@ -122,12 +122,14 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": true,
"status": "OK",
},
"alert-2": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": true,
"status": "OK",
},
Expand Down Expand Up @@ -232,6 +234,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": false,
"status": "OK",
},
Expand Down Expand Up @@ -272,6 +275,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": false,
"status": "OK",
},
Expand Down Expand Up @@ -311,6 +315,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": false,
"status": "OK",
},
Expand Down Expand Up @@ -351,6 +356,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": "action group A",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"flapping": false,
"muted": false,
"status": "Active",
},
Expand Down Expand Up @@ -391,6 +397,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": undefined,
"activeStartDate": "2020-06-18T00:00:00.000Z",
"flapping": false,
"muted": false,
"status": "Active",
},
Expand Down Expand Up @@ -431,6 +438,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": "action group B",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"flapping": false,
"muted": false,
"status": "Active",
},
Expand Down Expand Up @@ -469,6 +477,7 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": "action group A",
"activeStartDate": undefined,
"flapping": false,
"muted": false,
"status": "Active",
},
Expand Down Expand Up @@ -511,12 +520,14 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": "action group A",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"flapping": false,
"muted": true,
"status": "Active",
},
"alert-2": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": true,
"status": "OK",
},
Expand Down Expand Up @@ -566,12 +577,14 @@ describe('alertSummaryFromEventLog', () => {
"alert-1": Object {
"actionGroupId": "action group B",
"activeStartDate": "2020-06-18T00:00:00.000Z",
"flapping": false,
"muted": false,
"status": "Active",
},
"alert-2": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": false,
"status": "OK",
},
Expand All @@ -584,6 +597,43 @@ describe('alertSummaryFromEventLog', () => {
testExecutionDurations(eventsFactory.getExecutionDurations(), executionDuration);
});

test('rule with currently active alert, flapping', async () => {
const rule = createRule({});
const eventsFactory = new EventsFactory();
const events = eventsFactory
.addExecute()
.addActiveAlert('alert-1', 'action group A', true)
.getEvents();

const executionEvents = eventsFactory.getEvents();

const summary: AlertSummary = alertSummaryFromEventLog({
rule,
events,
executionEvents,
dateStart,
dateEnd,
});
const { lastRun, status, alerts, executionDuration } = summary;
expect({ lastRun, status, alerts }).toMatchInlineSnapshot(`
Object {
"alerts": Object {
"alert-1": Object {
"actionGroupId": "action group A",
"activeStartDate": undefined,
"flapping": true,
"muted": false,
"status": "Active",
},
},
"lastRun": "2020-06-18T00:00:00.000Z",
"status": "Active",
}
`);

testExecutionDurations(eventsFactory.getExecutionDurations(), executionDuration);
});

const testExecutionDurations = (
actualDurations: Record<string, number>,
executionDuration?: {
Expand Down Expand Up @@ -642,7 +692,11 @@ export class EventsFactory {
return this;
}

addActiveAlert(alertId: string, actionGroupId: string | undefined): EventsFactory {
addActiveAlert(
alertId: string,
actionGroupId: string | undefined,
flapping = false
): EventsFactory {
const kibanaAlerting = actionGroupId
? { instance_id: alertId, action_group_id: actionGroupId }
: { instance_id: alertId };
Expand All @@ -652,7 +706,7 @@ export class EventsFactory {
provider: EVENT_LOG_PROVIDER,
action: EVENT_LOG_ACTIONS.activeInstance,
},
kibana: { alerting: kibanaAlerting },
kibana: { alerting: kibanaAlerting, alert: { flapping } },
});
return this;
}
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,11 @@ export function alertSummaryFromEventLog(params: AlertSummaryFromEventLogParams)
if (alertId === undefined) continue;

const status = getAlertStatus(alerts, alertId);

if (event?.kibana?.alert?.flapping) {
status.flapping = true;
}

switch (action) {
case EVENT_LOG_ACTIONS.newInstance:
status.activeStartDate = timeStamp;
Expand Down Expand Up @@ -152,6 +157,7 @@ function getAlertStatus(alerts: Map<string, AlertStatus>, alertId: string): Aler
muted: false,
actionGroupId: undefined,
activeStartDate: undefined,
flapping: false,
};
alerts.set(alertId, status);
return status;
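Review bot: The new `if (event?.kibana?.alert?.flapping) { status.flapping = true; }` check in alertSummaryFromEventLog only ever sets the flag, so a single flapping event anywhere in the queried window leaves the alert marked as flapping in the summary even when later events carry `flapping: false`. Other fields visible in this hunk, such as `activeStartDate`, are updated per event inside the switch, so the flag can disagree with the rest of the status, and for anyone triaging from this summary a stale flapping marker can make a steadily active alert look like noise. If the most recent event is meant to win (this assumes events are processed oldest first, which the hunk does not show), take the value whenever it is present: `const flapping = event?.kibana?.alert?.flapping;` followed by `if (flapping !== undefined) status.flapping = flapping;`. If latching is intended, state that in a comment above the check and add a test with a flapping event followed by a non-flapping one, since the test added in this commit covers a single event only. The function body starts and ends outside the hunk.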
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ const alert = {
end: '2020-01-01T03:00:00.000Z',
duration: '2343252346',
},
flapping: false,
};

const action = {
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ interface AlertOpts {
message: string;
group?: string;
state?: AlertInstanceState;
flapping: boolean;
}

interface ActionOpts {
Expand Down Expand Up @@ -247,6 +248,7 @@ export function createAlertRecord(context: RuleContextOpts, alert: AlertOpts) {
},
],
ruleName: context.ruleName,
flapping: alert.flapping,
});
}

Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ interface CreateAlertEventLogRecordParams {
typeId: string;
relation?: string;
}>;
flapping?: boolean;
}

export function createAlertEventLogRecordObject(params: CreateAlertEventLogRecordParams): Event {
Expand All @@ -50,6 +51,7 @@ export function createAlertEventLogRecordObject(params: CreateAlertEventLogRecor
namespace,
consumer,
spaceId,
flapping,
} = params;
const alerting =
params.instanceId || group
Expand All @@ -72,6 +74,7 @@ export function createAlertEventLogRecordObject(params: CreateAlertEventLogRecor
},
kibana: {
alert: {
...(flapping !== undefined ? { flapping } : {}),
rule: {
rule_type_id: ruleType.id,
...(consumer ? { consumer } : {}),
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ describe('getAlertSummary()', () => {
.advanceTime(10000)
.addExecute()
.addRecoveredAlert('alert-previously-active')
.addActiveAlert('alert-currently-active', 'action group A')
.addActiveAlert('alert-currently-active', 'action group A', true)
.getEvents();
const eventsResult = {
...AlertSummaryFindEventsResult,
Expand Down Expand Up @@ -157,18 +157,21 @@ describe('getAlertSummary()', () => {
"alert-currently-active": Object {
"actionGroupId": "action group A",
"activeStartDate": "2019-02-12T21:01:22.479Z",
"flapping": true,
"muted": false,
"status": "Active",
},
"alert-muted-no-activity": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": true,
"status": "OK",
},
"alert-previously-active": Object {
"actionGroupId": undefined,
"activeStartDate": undefined,
"flapping": false,
"muted": false,
"status": "OK",
},
1 change: 1 addition & 0 deletions x-pack/plugins/alerting/server/task_runner/fixtures.ts
Expand Up @@ -198,6 +198,7 @@ export const generateAlertOpts = ({ action, group, state, id }: GeneratorParams
message,
state,
...(group ? { group } : {}),
flapping: false,
};
};

8 changes: 8 additions & 0 deletions x-pack/plugins/alerting/server/task_runner/log_alerts.test.ts
Expand Up @@ -158,48 +158,56 @@ describe('logAlerts', () => {
id: '7',
message: "test-rule-type-id:123: 'test rule' alert '7' has recovered",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(2, {
action: 'recovered-instance',
id: '8',
message: "test-rule-type-id:123: 'test rule' alert '8' has recovered",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(3, {
action: 'recovered-instance',
id: '9',
message: "test-rule-type-id:123: 'test rule' alert '9' has recovered",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(4, {
action: 'recovered-instance',
id: '10',
message: "test-rule-type-id:123: 'test rule' alert '10' has recovered",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(5, {
action: 'new-instance',
id: '4',
message: "test-rule-type-id:123: 'test rule' created new alert: '4'",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(6, {
action: 'active-instance',
id: '1',
message: "test-rule-type-id:123: 'test rule' active alert: '1' in actionGroup: 'undefined'",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(7, {
action: 'active-instance',
id: '2',
message: "test-rule-type-id:123: 'test rule' active alert: '2' in actionGroup: 'undefined'",
state: {},
flapping: false,
});
expect(alertingEventLogger.logAlert).toHaveBeenNthCalledWith(8, {
action: 'active-instance',
id: '4',
message: "test-rule-type-id:123: 'test rule' active alert: '4' in actionGroup: 'undefined'",
state: {},
flapping: false,
});
});

3 changes: 3 additions & 0 deletions x-pack/plugins/alerting/server/task_runner/log_alerts.ts
Expand Up @@ -102,6 +102,7 @@ export function logAlerts<
group: actionGroup,
message,
state,
flapping: false,
});
}

Expand All @@ -115,6 +116,7 @@ export function logAlerts<
group: actionGroup,
message,
state,
flapping: false,
});
}

Expand All @@ -128,6 +130,7 @@ export function logAlerts<
group: actionGroup,
message,
state,
flapping: false,
});
}
}
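Review bot: All three `logAlert` calls in logAlerts now pass the literal `flapping: false`, so every recovered, new and active alert event is written to the event log as definitively not flapping, although nothing in the visible hunks computes that state. Anyone querying the event log later cannot tell "evaluated and stable" from "not evaluated yet", which matters once the field is used for triage or noise suppression. createAlertEventLogRecordObject in this same commit already omits the field when it is `undefined`, so one option is to make `AlertOpts.flapping` optional and leave it unset until a real value is available. Otherwise mark each call with a comment such as `// placeholder: flapping is not computed yet, always logged as false`. logAlerts starts and ends outside these hunks.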
3 changes: 3 additions & 0 deletions x-pack/plugins/event_log/generated/mappings.json
Expand Up @@ -276,6 +276,9 @@
},
"alert": {
"properties": {
"flapping": {
"type": "boolean"
},
"rule": {
"properties": {
"consumer": {