Posted to commits@metron.apache.org by ni...@apache.org on 2018/12/04 14:52:38 UTC
metron git commit: METRON-1869 Unable to Sort an Escalated Meta Alert
(nickwallen) closes apache/metron#1280
Repository: metron
Updated Branches:
refs/heads/master 4ef65e09e -> 877b51014
METRON-1869 Unable to Sort an Escalated Meta Alert (nickwallen) closes apache/metron#1280
Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/877b5101
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/877b5101
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/877b5101
Branch: refs/heads/master
Commit: 877b510146456f2eed6eb12c35b1124c35b00aa5
Parents: 4ef65e0
Author: nickwallen <ni...@nickallen.org>
Authored: Tue Dec 4 09:51:19 2018 -0500
Committer: nickallen <ni...@apache.org>
Committed: Tue Dec 4 09:51:19 2018 -0500
----------------------------------------------------------------------
.../package/files/metaalert_index.template | 3 +
.../ElasticsearchMetaAlertIntegrationTest.java | 3 +-
.../dao/metaalert/MetaAlertIntegrationTest.java | 75 +++++++++++++++++++-
3 files changed, 79 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/metron/blob/877b5101/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
index 040c411..0c9978d 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
@@ -29,6 +29,9 @@
"score": {
"type": "keyword"
},
+ "alert_status": {
+ "type": "keyword"
+ },
"status": {
"type": "keyword"
},
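Review bot: The new `alert_status` keyword mapping only reaches indices created from this template, so a deployment that already has a meta-alert index will presumably keep whatever mapping `alert_status` received dynamically, and sorting can still fail there. Elasticsearch applies index templates when an index is created, not retroactively. The change should come with an upgrade note telling operators to add the `alert_status` keyword mapping to existing meta-alert indices or to reindex, since upgraded clusters are where analysts would still be unable to sort escalated meta-alerts. The enclosing properties block starts and ends outside the hunk.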
http://git-wip-us.apache.org/repos/asf/metron/blob/877b5101/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
index cba0f65..eb821a8 100644
--- a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
+++ b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
@@ -115,7 +115,8 @@ public class ElasticsearchMetaAlertIntegrationTest extends MetaAlertIntegrationT
"ip_src_addr" : { "type" : "keyword" },
"score" : { "type" : "integer" },
"metron_alert" : { "type" : "nested" },
- "source:type" : { "type" : "keyword"}
+ "source:type" : { "type" : "keyword"},
+ "alert_status": { "type": "keyword" }
}
}
}
http://git-wip-us.apache.org/repos/asf/metron/blob/877b5101/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java b/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
index 90bee80..f1355a6 100644
--- a/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
+++ b/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
@@ -59,6 +59,8 @@ import org.json.simple.parser.ParseException;
import org.junit.Assert;
import org.junit.Test;
+import static org.apache.metron.integration.utils.TestUtils.assertEventually;
+
public abstract class MetaAlertIntegrationTest {
private static final String META_INDEX_FLAG = "%META_INDEX%";
@@ -145,7 +147,6 @@ public abstract class MetaAlertIntegrationTest {
@Multiline
public static String statusPatchRequest;
-
@Test
public void shouldGetAllMetaAlertsForAlert() throws Exception {
// Load alerts
@@ -734,6 +735,78 @@ public abstract class MetaAlertIntegrationTest {
searchResponse.getResults().get(0).getSource().get(STATUS_FIELD));
}
+ @Test
+ public void shouldSortMetaAlertsByAlertStatus() throws Exception {
+ final String guid = "meta_alert";
+ setupTypings();
+
+ // should be able to sort meta-alert search results by 'alert_status'
+ SortField sortField = new SortField();
+ sortField.setField("alert_status");
+ sortField.setSortOrder("asc");
+
+ // when no meta-alerts exist, it should work
+ Assert.assertEquals(0, searchForSortedMetaAlerts(sortField).getTotal());
+
+ // when meta-alert just created, it should work
+ createMetaAlert(guid);
+ Assert.assertEquals(1, searchForSortedMetaAlerts(sortField).getTotal());
+
+ // when meta-alert 'esclated', it should work
+ escalateMetaAlert(guid);
+ Assert.assertEquals(1, searchForSortedMetaAlerts(sortField).getTotal());
+ }
+
+ private Map<String, Object> createMetaAlert(String guid) throws Exception {
+ // create and index 2 normal alerts
+ List<Map<String, Object>> alerts = buildAlerts(2);
+ alerts.get(0).put(METAALERT_FIELD, Collections.singletonList(guid));
+ alerts.get(1).put(METAALERT_FIELD, Collections.singletonList(guid));
+ addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
+
+ // create and index a meta-alert
+ Map<String, Object> metaAlert = buildMetaAlert(guid, MetaAlertStatus.ACTIVE, Optional.of(alerts));
+ addRecords(Collections.singletonList(metaAlert), getMetaAlertIndex(), METAALERT_TYPE);
+
+ // ensure the test alerts were loaded
+ findCreatedDocs(Arrays.asList(
+ new GetRequest("message_0", SENSOR_NAME),
+ new GetRequest("message_1", SENSOR_NAME),
+ new GetRequest("meta_alert", METAALERT_TYPE)));
+ return metaAlert;
+ }
+
+ private void escalateMetaAlert(String guid) throws Exception {
+ // create the patch that 'escalates' the meta-alert
+ Map<String, Object> patch = new HashMap<>();
+ patch.put("op", "add");
+ patch.put("path", "/alert_status");
+ patch.put("value", "escalate");
+
+ // 'escalate' the meta-alert
+ PatchRequest patchRequest = new PatchRequest();
+ patchRequest.setGuid(guid);
+ patchRequest.setIndex(getMetaAlertIndex());
+ patchRequest.setSensorType(METAALERT_TYPE);
+ patchRequest.setPatch(Collections.singletonList(patch));
+ metaDao.patch(metaDao, patchRequest, Optional.of(System.currentTimeMillis()));
+
+ // ensure the alert status was changed to 'escalate'
+ assertEventually(() -> {
+ Document updated = metaDao.getLatest(guid, METAALERT_TYPE);
+ Assert.assertEquals("escalate", updated.getDocument().get("alert_status"));
+ });
+ }
+
+ private SearchResponse searchForSortedMetaAlerts(SortField sortBy) throws InvalidSearchException {
+ SearchRequest searchRequest = new SearchRequest();
+ searchRequest.setFrom(0);
+ searchRequest.setSize(10);
+ searchRequest.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
+ searchRequest.setQuery("*:*");
+ searchRequest.setSort(Collections.singletonList(sortBy));
+ return metaDao.search(searchRequest);
+ }
@Test
public void shouldHidesAlertsOnGroup() throws Exception {
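Review bot: `createMetaAlert(guid)` takes the guid as a parameter but verifies the load with a hard-coded `new GetRequest("meta_alert", METAALERT_TYPE)`, so the helper is only correct for that one value; it should be `new GetRequest(guid, METAALERT_TYPE)`. In `shouldSortMetaAlertsByAlertStatus` all three assertions check only `getTotal()`, which with a single meta-alert cannot show that the sort was applied or that the search saw the escalated document. Asserting `alert_status` on the returned result, as the preceding test does with `STATUS_FIELD`, and wrapping the post-escalation search in `assertEventually` would pin that down. The comment `// when meta-alert 'esclated', it should work` also misspells `escalated`.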