Repository: metron Updated Branches: refs/heads/master 4ef65e09e -> 877b51014
METRON-1869 Unable to Sort an Escalated Meta Alert (nickwallen) closes apache/metron#1280 Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/877b5101 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/877b5101 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/877b5101 Branch: refs/heads/master Commit: 877b510146456f2eed6eb12c35b1124c35b00aa5 Parents: 4ef65e0 Author: nickwallen <[email protected]> Authored: Tue Dec 4 09:51:19 2018 -0500 Committer: nickallen <[email protected]> Committed: Tue Dec 4 09:51:19 2018 -0500 ---------------------------------------------------------------------- .../package/files/metaalert_index.template | 3 + .../ElasticsearchMetaAlertIntegrationTest.java | 3 +- .../dao/metaalert/MetaAlertIntegrationTest.java | 75 +++++++++++++++++++- 3 files changed, 79 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/877b5101/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template ----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
index 040c411..0c9978d 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/metaalert_index.template
@@ -29,6 +29,9 @@
 "score": {
 "type": "keyword"
 },
+ "alert_status": {
+ "type": "keyword"
+ },
 "status": {
 "type": "keyword"
 },
http://git-wip-us.apache.org/repos/asf/metron/blob/877b5101/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java ----------------------------------------------------------------------
diff --git a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
index cba0f65..eb821a8 100644
--- a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
+++ b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
@@ -115,7 +115,8 @@ public class ElasticsearchMetaAlertIntegrationTest extends MetaAlertIntegrationT
 "ip_src_addr" : { "type" : "keyword" },
 "score" : { "type" : "integer" },
 "metron_alert" : { "type" : "nested" },
- "source:type" : { "type" : "keyword"}
+ "source:type" : { "type" : "keyword"},
+ "alert_status": { "type": "keyword" }
 }
 }
 }
http://git-wip-us.apache.org/repos/asf/metron/blob/877b5101/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java ----------------------------------------------------------------------
diff --git a/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java b/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
index 90bee80..f1355a6 100644
--- a/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
+++ b/metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/metaalert/MetaAlertIntegrationTest.java
@@ -59,6 +59,8 @@ import org.json.simple.parser.ParseException;
 import org.junit.Assert;
 import org.junit.Test;
 
+import static org.apache.metron.integration.utils.TestUtils.assertEventually;
+
 public abstract class MetaAlertIntegrationTest {
 
 private static final String META_INDEX_FLAG = "%META_INDEX%";
@@ -145,7 +147,6 @@ public abstract class MetaAlertIntegrationTest {
 @Multiline
 public static String statusPatchRequest;
 
-
 @Test
 public void shouldGetAllMetaAlertsForAlert() throws Exception {
 // Load alerts
@@ -734,6 +735,78 @@ public abstract class MetaAlertIntegrationTest {
 searchResponse.getResults().get(0).getSource().get(STATUS_FIELD));
 }
 
+ @Test
+ public void shouldSortMetaAlertsByAlertStatus() throws Exception {
+ final String guid = "meta_alert";
+ setupTypings();
+
+ // should be able to sort meta-alert search results by 'alert_status'
+ SortField sortField = new SortField();
+ sortField.setField("alert_status");
+ sortField.setSortOrder("asc");
+
+ // when no meta-alerts exist, it should work
+ Assert.assertEquals(0, searchForSortedMetaAlerts(sortField).getTotal());
+
+ // when meta-alert just created, it should work
+ createMetaAlert(guid);
+ Assert.assertEquals(1, searchForSortedMetaAlerts(sortField).getTotal());
+
+ // when meta-alert 'esclated', it should work
+ escalateMetaAlert(guid);
+ Assert.assertEquals(1, searchForSortedMetaAlerts(sortField).getTotal());
+ }
+
+ private Map<String, Object> createMetaAlert(String guid) throws Exception {
+ // create and index 2 normal alerts
+ List<Map<String, Object>> alerts = buildAlerts(2);
+ alerts.get(0).put(METAALERT_FIELD, Collections.singletonList(guid));
+ alerts.get(1).put(METAALERT_FIELD, Collections.singletonList(guid));
+ addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
+
+ // create and index a meta-alert
+ Map<String, Object> metaAlert = buildMetaAlert(guid, MetaAlertStatus.ACTIVE, Optional.of(alerts));
+ addRecords(Collections.singletonList(metaAlert), getMetaAlertIndex(), METAALERT_TYPE);
+
+ // ensure the test alerts were loaded
+ findCreatedDocs(Arrays.asList(
+ new GetRequest("message_0", SENSOR_NAME),
+ new GetRequest("message_1", SENSOR_NAME),
+ new GetRequest("meta_alert", METAALERT_TYPE)));
+ return metaAlert;
+ }
+
+ private void escalateMetaAlert(String guid) throws Exception {
+ // create the patch that 'escalates' the meta-alert
+ Map<String, Object> patch = new HashMap<>();
+ patch.put("op", "add");
+ patch.put("path", "/alert_status");
+ patch.put("value", "escalate");
+
+ // 'escalate' the meta-alert
+ PatchRequest patchRequest = new PatchRequest();
+ patchRequest.setGuid(guid);
+ patchRequest.setIndex(getMetaAlertIndex());
+ patchRequest.setSensorType(METAALERT_TYPE);
+ patchRequest.setPatch(Collections.singletonList(patch));
+ metaDao.patch(metaDao, patchRequest, Optional.of(System.currentTimeMillis()));
+
+ // ensure the alert status was changed to 'escalate'
+ assertEventually(() -> {
+ Document updated = metaDao.getLatest(guid, METAALERT_TYPE);
+ Assert.assertEquals("escalate", updated.getDocument().get("alert_status"));
+ });
+ }
+
+ private SearchResponse searchForSortedMetaAlerts(SortField sortBy) throws InvalidSearchException {
+ SearchRequest searchRequest = new SearchRequest();
+ searchRequest.setFrom(0);
+ searchRequest.setSize(10);
+ searchRequest.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
+ searchRequest.setQuery("*:*");
+ searchRequest.setSort(Collections.singletonList(sortBy));
+ return metaDao.search(searchRequest);
+ }
 
 @Test
 public void shouldHidesAlertsOnGroup() throws Exception {
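Review bot: `createMetaAlert(String guid)` takes the meta-alert id as a parameter but its readiness check at the end looks up the hard-coded `"meta_alert"`, so `new GetRequest("meta_alert", METAALERT_TYPE)` should read `new GetRequest(guid, METAALERT_TYPE)`; as written the helper waits on the wrong document for any caller that passes a different id. The comment `// when meta-alert 'esclated', it should work` has a typo (`'escalated'`). The three assertions in `shouldSortMetaAlertsByAlertStatus` compare only `getTotal()`, which shows the sorted search no longer fails but not that the escalated document is what comes back; assuming the single hit after escalation is the meta-alert, adding `Assert.assertEquals("escalate", searchForSortedMetaAlerts(sortField).getResults().get(0).getSource().get("alert_status"));` after the `escalateMetaAlert(guid)` step would pin that. The enclosing class starts and ends outside the hunk.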
