
Commit b8f2342

authored
[Alerting] Display Action Group in Alert Details (#82645) (#82824)
* Adding action group id to event log. Showing action group as part of status in alert details view * Simplifying getting action group id * Cleanup * Adding unit tests * Updating functional tests * Updating test * Fix types check * Updating test * PR fixes * PR fixes
1 parent 09b76d8 commit b8f2342


17 files changed

+276
-65
lines changed


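--- a/x-pack/plugins/alerts/common/alert_instance_summary.ts
+++ b/x-pack/plugins/alerts/common/alert_instance_summary.ts
@@ -27,5 +27,6 @@ export interface AlertInstanceSummary {
 export interface AlertInstanceStatus {
 status: AlertInstanceStatusValues;
 muted: boolean;
+actionGroupId?: string;
 activeStartDate?: string;
 }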
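Review bot: The new `actionGroupId` field on `AlertInstanceStatus` has no doc comment, and its meaning is not obvious from the type alone. Elsewhere in this commit it is set from the latest active-instance event and reset to `undefined` when the instance resolves, so a TSDoc line such as `/** Action group of the most recent active-instance event; undefined when the instance is not active or the event carried no group. */` would state that contract where consumers read it.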

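--- a/x-pack/plugins/alerts/server/alerts_client/tests/get_alert_instance_summary.test.ts
+++ b/x-pack/plugins/alerts/server/alerts_client/tests/get_alert_instance_summary.test.ts
@@ -118,12 +118,12 @@ describe('getAlertInstanceSummary()', () => {
 .addExecute()
 .addNewInstance('instance-currently-active')
 .addNewInstance('instance-previously-active')
-.addActiveInstance('instance-currently-active')
-.addActiveInstance('instance-previously-active')
+.addActiveInstance('instance-currently-active', 'action group A')
+.addActiveInstance('instance-previously-active', 'action group B')
 .advanceTime(10000)
 .addExecute()
 .addResolvedInstance('instance-previously-active')
-.addActiveInstance('instance-currently-active')
+.addActiveInstance('instance-currently-active', 'action group A')
 .getEvents();
 const eventsResult = {
 ...AlertInstanceSummaryFindEventsResult,
@@ -144,16 +144,19 @@ describe('getAlertInstanceSummary()', () => {
 "id": "1",
 "instances": Object {
 "instance-currently-active": Object {
+"actionGroupId": "action group A",
 "activeStartDate": "2019-02-12T21:01:22.479Z",
 "muted": false,
 "status": "Active",
 },
 "instance-muted-no-activity": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": true,
 "status": "OK",
 },
 "instance-previously-active": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": false,
 "status": "OK",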

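--- a/x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.test.ts
+++ b/x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.test.ts
@@ -104,11 +104,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": true,
 "status": "OK",
 },
 "instance-2": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": true,
 "status": "OK",
@@ -184,7 +186,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
 const events = eventsFactory
 .addExecute()
 .addNewInstance('instance-1')
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .advanceTime(10000)
 .addExecute()
 .addResolvedInstance('instance-1')
@@ -202,6 +204,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": false,
 "status": "OK",
@@ -218,7 +221,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
 const eventsFactory = new EventsFactory();
 const events = eventsFactory
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .advanceTime(10000)
 .addExecute()
 .addResolvedInstance('instance-1')
@@ -236,6 +239,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": false,
 "status": "OK",
@@ -253,10 +257,10 @@ describe('alertInstanceSummaryFromEventLog', () => {
 const events = eventsFactory
 .addExecute()
 .addNewInstance('instance-1')
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .advanceTime(10000)
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .getEvents();
 
 const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -271,6 +275,79 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": "action group A",
+"activeStartDate": "2020-06-18T00:00:00.000Z",
+"muted": false,
+"status": "Active",
+},
+},
+"lastRun": "2020-06-18T00:00:10.000Z",
+"status": "Active",
+}
+`);
+});
+
+test('alert with currently active instance with no action group in event log', async () => {
+const alert = createAlert({});
+const eventsFactory = new EventsFactory();
+const events = eventsFactory
+.addExecute()
+.addNewInstance('instance-1')
+.addActiveInstance('instance-1', undefined)
+.advanceTime(10000)
+.addExecute()
+.addActiveInstance('instance-1', undefined)
+.getEvents();
+
+const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
+alert,
+events,
+dateStart,
+dateEnd,
+});
+
+const { lastRun, status, instances } = summary;
+expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
+Object {
+"instances": Object {
+"instance-1": Object {
+"actionGroupId": undefined,
+"activeStartDate": "2020-06-18T00:00:00.000Z",
+"muted": false,
+"status": "Active",
+},
+},
+"lastRun": "2020-06-18T00:00:10.000Z",
+"status": "Active",
+}
+`);
+});
+
+test('alert with currently active instance that switched action groups', async () => {
+const alert = createAlert({});
+const eventsFactory = new EventsFactory();
+const events = eventsFactory
+.addExecute()
+.addNewInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
+.advanceTime(10000)
+.addExecute()
+.addActiveInstance('instance-1', 'action group B')
+.getEvents();
+
+const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
+alert,
+events,
+dateStart,
+dateEnd,
+});
+
+const { lastRun, status, instances } = summary;
+expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
+Object {
+"instances": Object {
+"instance-1": Object {
+"actionGroupId": "action group B",
 "activeStartDate": "2020-06-18T00:00:00.000Z",
 "muted": false,
 "status": "Active",
@@ -287,10 +364,10 @@ describe('alertInstanceSummaryFromEventLog', () => {
 const eventsFactory = new EventsFactory();
 const events = eventsFactory
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .advanceTime(10000)
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .getEvents();
 
 const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -305,6 +382,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": "action group A",
 "activeStartDate": undefined,
 "muted": false,
 "status": "Active",
@@ -322,12 +400,12 @@ describe('alertInstanceSummaryFromEventLog', () => {
 const events = eventsFactory
 .addExecute()
 .addNewInstance('instance-1')
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .addNewInstance('instance-2')
-.addActiveInstance('instance-2')
+.addActiveInstance('instance-2', 'action group B')
 .advanceTime(10000)
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .addResolvedInstance('instance-2')
 .getEvents();
 
@@ -343,11 +421,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": "action group A",
 "activeStartDate": "2020-06-18T00:00:00.000Z",
 "muted": true,
 "status": "Active",
 },
 "instance-2": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": true,
 "status": "OK",
@@ -365,19 +445,19 @@ describe('alertInstanceSummaryFromEventLog', () => {
 const events = eventsFactory
 .addExecute()
 .addNewInstance('instance-1')
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .addNewInstance('instance-2')
-.addActiveInstance('instance-2')
+.addActiveInstance('instance-2', 'action group B')
 .advanceTime(10000)
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group A')
 .addResolvedInstance('instance-2')
 .advanceTime(10000)
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group B')
 .advanceTime(10000)
 .addExecute()
-.addActiveInstance('instance-1')
+.addActiveInstance('instance-1', 'action group B')
 .getEvents();
 
 const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -392,11 +472,13 @@ describe('alertInstanceSummaryFromEventLog', () => {
 Object {
 "instances": Object {
 "instance-1": Object {
+"actionGroupId": "action group B",
 "activeStartDate": "2020-06-18T00:00:00.000Z",
 "muted": false,
 "status": "Active",
 },
 "instance-2": Object {
+"actionGroupId": undefined,
 "activeStartDate": undefined,
 "muted": false,
 "status": "OK",
@@ -452,14 +534,17 @@ export class EventsFactory {
 return this;
 }
 
-addActiveInstance(instanceId: string): EventsFactory {
+addActiveInstance(instanceId: string, actionGroupId: string | undefined): EventsFactory {
+const kibanaAlerting = actionGroupId
+? { instance_id: instanceId, action_group_id: actionGroupId }
+: { instance_id: instanceId };
 this.events.push({
 '@timestamp': this.date,
 event: {
 provider: EVENT_LOG_PROVIDER,
 action: EVENT_LOG_ACTIONS.activeInstance,
 },
-kibana: { alerting: { instance_id: instanceId } },
+kibana: { alerting: kibanaAlerting },
 });
 return this;
 }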
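Review bot: `addActiveInstance` in the `EventsFactory` hunk builds its fixture by truthiness (`actionGroupId ? … : …`), so an empty-string id is silently treated as absent and the `action_group_id` key is dropped rather than set to `undefined`. The task runner snapshots in this commit appear to show events carrying `"action_group_id": undefined` as an explicit key, so the fixture would track the logged shape more closely with `kibana: { alerting: { instance_id: instanceId, action_group_id: actionGroupId } }` and an optional `actionGroupId?: string` parameter. The added tests also do not cover an active event with a group followed by an active event without one, which is the case where the summary's unconditional overwrite changes the result.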

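--- a/x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.ts
+++ b/x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.ts
@@ -78,10 +78,12 @@ export function alertInstanceSummaryFromEventLog(
 // intentionally no break here
 case EVENT_LOG_ACTIONS.activeInstance:
 status.status = 'Active';
+status.actionGroupId = event?.kibana?.alerting?.action_group_id;
 break;
 case EVENT_LOG_ACTIONS.resolvedInstance:
 status.status = 'OK';
 status.activeStartDate = undefined;
+status.actionGroupId = undefined;
 }
 }
 
@@ -118,6 +120,7 @@ function getAlertInstanceStatus(
 const status: AlertInstanceStatus = {
 status: 'OK',
 muted: false,
+actionGroupId: undefined,
 activeStartDate: undefined,
 };
 instances.set(instanceId, status);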
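Review bot: The assignment added under `case EVENT_LOG_ACTIONS.activeInstance:` copies `action_group_id` from the stored event document into the summary with no check on its type or value, and because of the `// intentionally no break here` fall-through it also runs for the case label above it. The event log is read back from storage, so the id should be treated as data for display, not as a trusted reference to one of the alert type's declared action groups. If the event type does not already guarantee a string, narrow it with `const groupId = event?.kibana?.alerting?.action_group_id;` followed by `status.actionGroupId = typeof groupId === 'string' ? groupId : undefined;`. The enclosing switch begins outside this hunk, so which case falls through is not visible here.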

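--- a/x-pack/plugins/alerts/server/task_runner/task_runner.test.ts
+++ b/x-pack/plugins/alerts/server/task_runner/task_runner.test.ts
@@ -292,6 +292,7 @@ describe('Task Runner', () => {
 kibana: {
 alerting: {
 instance_id: '1',
+action_group_id: 'default',
 },
 saved_objects: [
 {
@@ -302,7 +303,7 @@ describe('Task Runner', () => {
 },
 ],
 },
-message: "test:1: 'alert-name' active instance: '1'",
+message: "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
 });
 expect(eventLogger.logEvent).toHaveBeenCalledWith({
 event: {
@@ -424,6 +425,7 @@ describe('Task Runner', () => {
 },
 "kibana": Object {
 "alerting": Object {
+"action_group_id": undefined,
 "instance_id": "1",
 },
 "saved_objects": Array [
@@ -445,6 +447,7 @@ describe('Task Runner', () => {
 },
 "kibana": Object {
 "alerting": Object {
+"action_group_id": "default",
 "instance_id": "1",
 },
 "saved_objects": Array [
@@ -456,7 +459,7 @@ describe('Task Runner', () => {
 },
 ],
 },
-"message": "test:1: 'alert-name' active instance: '1'",
+"message": "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
 },
 ],
 Array [
@@ -565,6 +568,7 @@ describe('Task Runner', () => {
 },
 "kibana": Object {
 "alerting": Object {
+"action_group_id": undefined,
 "instance_id": "2",
 },
 "saved_objects": Array [
@@ -586,6 +590,7 @@ describe('Task Runner', () => {
 },
 "kibana": Object {
 "alerting": Object {
+"action_group_id": "default",
 "instance_id": "1",
 },
 "saved_objects": Array [
@@ -597,7 +602,7 @@ describe('Task Runner', () => {
 },
 ],
 },
-"message": "test:1: 'alert-name' active instance: '1'",
+"message": "test:1: 'alert-name' active instance: '1' in actionGroup: 'default'",
 },
 ],
 ]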
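Review bot: The expected `message` strings now embed the action group id in single quotes next to the alert name, and every expectation uses the id `'default'`, so nothing pins how the message looks when an id or name contains a quote or a line break. Anything that parses or alerts on these events should key on the structured `kibana.alerting.action_group_id` field rather than on the free-text message, and a test case with such a value would document that the structured field is the one to rely on. The code that formats the message is not part of this section.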
