2014-10-24 12:49:33 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
|
|
|
* or more contributor license agreements. Licensed under the Elastic License;
|
|
|
|
|
* you may not use this file except in compliance with the Elastic License.
|
|
|
|
|
*/
|
2014-10-24 13:01:45 +01:00
|
|
|
package org.elasticsearch.alerts;
|
2014-10-24 12:49:33 +02:00
|
|
|
|
2014-11-09 20:50:03 +01:00
|
|
|
import org.elasticsearch.ElasticsearchIllegalArgumentException;
|
2014-11-06 21:25:53 +01:00
|
|
|
import org.elasticsearch.action.search.SearchRequest;
|
2014-11-13 13:42:51 +01:00
|
|
|
import org.elasticsearch.alerts.actions.AlertActionManager;
|
2014-11-05 10:05:17 +00:00
|
|
|
import org.elasticsearch.alerts.client.AlertsClientInterface;
|
|
|
|
|
import org.elasticsearch.alerts.transport.actions.delete.DeleteAlertRequest;
|
|
|
|
|
import org.elasticsearch.alerts.transport.actions.delete.DeleteAlertResponse;
|
2014-11-07 21:47:02 +01:00
|
|
|
import org.elasticsearch.alerts.transport.actions.index.IndexAlertResponse;
|
2014-11-06 21:25:53 +01:00
|
|
|
import org.elasticsearch.common.bytes.BytesReference;
|
2014-10-24 12:49:33 +02:00
|
|
|
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
|
|
|
|
import org.junit.Test;
|
|
|
|
|
|
2014-11-13 13:42:51 +01:00
|
|
|
import java.util.ArrayList;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
|
2014-11-09 20:50:03 +01:00
|
|
|
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
2014-11-13 13:42:51 +01:00
|
|
|
import static org.elasticsearch.index.query.FilterBuilders.rangeFilter;
|
|
|
|
|
import static org.elasticsearch.index.query.QueryBuilders.*;
|
2014-11-06 21:25:53 +01:00
|
|
|
import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource;
|
2014-11-13 13:42:51 +01:00
|
|
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
2014-11-06 21:25:53 +01:00
|
|
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
|
2014-11-07 21:47:02 +01:00
|
|
|
import static org.hamcrest.Matchers.is;
|
2014-10-24 12:49:33 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
*/
|
2014-11-06 22:52:44 +01:00
|
|
|
@ElasticsearchIntegrationTest.ClusterScope(scope = ElasticsearchIntegrationTest.Scope.SUITE, numClientNodes = 0, transportClientRatio = 0)
|
2014-11-06 23:58:30 +01:00
|
|
|
public class BasicAlertingTest extends AbstractAlertingTests {
|
2014-10-24 12:49:33 +02:00
|
|
|
|
|
|
|
|
@Test
|
2014-11-06 21:25:53 +01:00
|
|
|
public void testIndexAlert() throws Exception {
|
|
|
|
|
AlertsClientInterface alertsClient = alertClient();
|
2014-10-24 12:49:33 +02:00
|
|
|
createIndex("my-index");
|
2014-11-06 21:25:53 +01:00
|
|
|
// Have a sample document in the index, the alert is going to evaluate
|
|
|
|
|
client().prepareIndex("my-index", "my-type").setSource("field", "value").get();
|
|
|
|
|
SearchRequest searchRequest = new SearchRequest("my-index").source(searchSource().query(termQuery("field", "value")));
|
|
|
|
|
BytesReference alertSource = createAlertSource("0/5 * * * * ? *", searchRequest, "hits.total == 1");
|
2014-11-06 23:49:50 +01:00
|
|
|
alertsClient.prepareIndexAlert("my-first-alert")
|
2014-11-06 21:25:53 +01:00
|
|
|
.setAlertSource(alertSource)
|
|
|
|
|
.get();
|
2014-11-07 13:45:48 +01:00
|
|
|
assertAlertTriggered("my-first-alert");
|
2014-11-06 21:25:53 +01:00
|
|
|
}
|
2014-11-05 10:05:17 +00:00
|
|
|
|
2014-11-08 02:13:59 +01:00
|
|
|
@Test
|
|
|
|
|
public void testIndexAlert_registerAlertBeforeTargetIndex() throws Exception {
|
|
|
|
|
AlertsClientInterface alertsClient = alertClient();
|
|
|
|
|
SearchRequest searchRequest = new SearchRequest("my-index").source(searchSource().query(termQuery("field", "value")));
|
|
|
|
|
BytesReference alertSource = createAlertSource("0/5 * * * * ? *", searchRequest, "hits.total == 1");
|
|
|
|
|
alertsClient.prepareIndexAlert("my-first-alert")
|
|
|
|
|
.setAlertSource(alertSource)
|
|
|
|
|
.get();
|
|
|
|
|
|
|
|
|
|
// The alert can't trigger because there is no data that matches with the query
|
|
|
|
|
assertNoAlertTrigger("my-first-alert");
|
|
|
|
|
|
|
|
|
|
// Index sample doc after we register the alert and the alert should get triggered
|
|
|
|
|
client().prepareIndex("my-index", "my-type").setSource("field", "value").get();
|
|
|
|
|
assertAlertTriggered("my-first-alert");
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-06 21:25:53 +01:00
|
|
|
@Test
|
|
|
|
|
public void testDeleteAlert() throws Exception {
|
|
|
|
|
AlertsClientInterface alertsClient = alertClient();
|
|
|
|
|
createIndex("my-index");
|
|
|
|
|
// Have a sample document in the index, the alert is going to evaluate
|
|
|
|
|
client().prepareIndex("my-index", "my-type").setSource("field", "value").get();
|
|
|
|
|
SearchRequest searchRequest = new SearchRequest("my-index").source(searchSource().query(matchAllQuery()));
|
|
|
|
|
BytesReference alertSource = createAlertSource("0/5 * * * * ? *", searchRequest, "hits.total == 1");
|
2014-11-07 21:47:02 +01:00
|
|
|
IndexAlertResponse indexResponse = alertsClient.prepareIndexAlert("my-first-alert")
|
2014-11-06 21:25:53 +01:00
|
|
|
.setAlertSource(alertSource)
|
|
|
|
|
.get();
|
2014-11-07 21:47:02 +01:00
|
|
|
assertThat(indexResponse.indexResponse().isCreated(), is(true));
|
2014-11-06 21:25:53 +01:00
|
|
|
|
|
|
|
|
DeleteAlertRequest deleteAlertRequest = new DeleteAlertRequest("my-first-alert");
|
2014-11-05 10:05:17 +00:00
|
|
|
DeleteAlertResponse deleteAlertResponse = alertsClient.deleteAlert(deleteAlertRequest).actionGet();
|
2014-11-05 17:50:05 +00:00
|
|
|
assertNotNull(deleteAlertResponse.deleteResponse());
|
|
|
|
|
assertTrue(deleteAlertResponse.deleteResponse().isFound());
|
2014-11-05 10:05:17 +00:00
|
|
|
|
2014-11-07 23:47:25 +01:00
|
|
|
refresh();
|
2014-11-06 21:25:53 +01:00
|
|
|
assertHitCount(client().prepareCount(AlertsStore.ALERT_INDEX).get(), 0l);
|
2014-11-08 02:13:59 +01:00
|
|
|
|
|
|
|
|
// Deleting the same alert for the second time
|
|
|
|
|
deleteAlertRequest = new DeleteAlertRequest("my-first-alert");
|
|
|
|
|
deleteAlertResponse = alertsClient.deleteAlert(deleteAlertRequest).actionGet();
|
|
|
|
|
assertNotNull(deleteAlertResponse.deleteResponse());
|
|
|
|
|
assertFalse(deleteAlertResponse.deleteResponse().isFound());
|
2014-11-06 21:25:53 +01:00
|
|
|
}
|
|
|
|
|
|
2014-11-12 21:27:48 +01:00
|
|
|
@Test
|
2014-11-09 20:50:03 +01:00
|
|
|
public void testMalformedAlert() throws Exception {
|
|
|
|
|
AlertsClientInterface alertsClient = alertClient();
|
|
|
|
|
createIndex("my-index");
|
|
|
|
|
// Have a sample document in the index, the alert is going to evaluate
|
|
|
|
|
client().prepareIndex("my-index", "my-type").setSource("field", "value").get();
|
|
|
|
|
BytesReference alertSource = jsonBuilder().startObject()
|
|
|
|
|
.field("schedule", "0/5 * * * * ? *")
|
2014-11-13 13:42:51 +01:00
|
|
|
.startObject("trigger").startObject("script").field("script", "return true").endObject().endObject()
|
2014-11-09 20:50:03 +01:00
|
|
|
.field("enable", true)
|
|
|
|
|
.field("malformed_field", "x")
|
|
|
|
|
.endObject().bytes();
|
2014-11-12 21:27:48 +01:00
|
|
|
try {
|
|
|
|
|
alertsClient.prepareIndexAlert("my-first-alert")
|
|
|
|
|
.setAlertSource(alertSource)
|
|
|
|
|
.get();
|
|
|
|
|
fail();
|
|
|
|
|
} catch (ElasticsearchIllegalArgumentException e) {
|
|
|
|
|
// In AlertStore we fail parsing if an alert contains undefined fields.
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
client().prepareIndex(AlertsStore.ALERT_INDEX, AlertsStore.ALERT_TYPE, "my-first-alert")
|
|
|
|
|
.setSource(alertSource)
|
|
|
|
|
.get();
|
|
|
|
|
fail();
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
// The alert index template the mapping is defined as strict
|
|
|
|
|
}
|
2014-11-09 20:50:03 +01:00
|
|
|
}
|
2014-11-13 13:42:51 +01:00
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void testTriggerSearch() throws Exception {
|
|
|
|
|
assertAcked(prepareCreate("my-index")
|
|
|
|
|
.addMapping("my-type", "_timestamp", "enabled=true", "event_type", "type=string"));
|
|
|
|
|
|
|
|
|
|
String alertName = "red-alert";
|
|
|
|
|
long scheduleTimeInMs = 5000;
|
|
|
|
|
List<SearchRequest> searchRequests = new ArrayList<>();
|
|
|
|
|
searchRequests.add(
|
|
|
|
|
new SearchRequest("my-index")
|
|
|
|
|
.source(searchSource().query(
|
|
|
|
|
filteredQuery(matchQuery("event_type", "a"), rangeFilter("_timestamp").from("<<<SCHEDULED_FIRE_TIME>>>||-30s").to("<<<SCHEDULED_FIRE_TIME>>>"))
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
// TODO: add template based search requests
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
for (SearchRequest request : searchRequests) {
|
|
|
|
|
alertClient().prepareDeleteAlert(alertName).get();
|
|
|
|
|
alertClient().prepareIndexAlert(alertName)
|
|
|
|
|
.setAlertSource(createAlertSource(String.format("0/%s * * * * ? *", (scheduleTimeInMs / 1000)), request, "return hits.total >= 3"))
|
|
|
|
|
.get();
|
|
|
|
|
|
|
|
|
|
long time1 = System.currentTimeMillis();
|
|
|
|
|
client().prepareIndex("my-index", "my-type")
|
|
|
|
|
.setCreate(true)
|
|
|
|
|
.setSource("event_type", "a")
|
|
|
|
|
.get();
|
|
|
|
|
client().prepareIndex("my-index", "my-type")
|
|
|
|
|
.setCreate(true)
|
|
|
|
|
.setSource("event_type", "a")
|
|
|
|
|
.get();
|
|
|
|
|
long timeLeft = scheduleTimeInMs - (System.currentTimeMillis() - time1);
|
|
|
|
|
Thread.sleep(timeLeft);
|
|
|
|
|
assertNoAlertTrigger(alertName);
|
|
|
|
|
cluster().wipeIndices(AlertActionManager.ALERT_HISTORY_INDEX);
|
|
|
|
|
|
|
|
|
|
time1 = System.currentTimeMillis();
|
|
|
|
|
client().prepareIndex("my-index", "my-type")
|
|
|
|
|
.setCreate(true)
|
|
|
|
|
.setSource("event_type", "b")
|
|
|
|
|
.get();
|
|
|
|
|
timeLeft = scheduleTimeInMs - (System.currentTimeMillis() - time1);
|
|
|
|
|
Thread.sleep(timeLeft);
|
|
|
|
|
assertNoAlertTrigger(alertName);
|
|
|
|
|
|
|
|
|
|
time1 = System.currentTimeMillis();
|
|
|
|
|
client().prepareIndex("my-index", "my-type")
|
|
|
|
|
.setCreate(true)
|
|
|
|
|
.setSource("event_type", "a")
|
|
|
|
|
.get();
|
|
|
|
|
timeLeft = scheduleTimeInMs - (System.currentTimeMillis() - time1);
|
|
|
|
|
Thread.sleep(timeLeft);
|
|
|
|
|
assertAlertTriggered(alertName);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-10-24 12:49:33 +02:00
|
|
|
}
|
