Skip to content

Commit

Permalink
[ML] create alert instance key, add check for alert id
Browse files Browse the repository at this point in the history
  • Loading branch information
@darnautov
darnautov committed Feb 16, 2021
1 parent 897415d commit f393a0f
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 17 deletions.
13 changes: 8 additions & 5 deletions x-pack/plugins/ml/common/types/alerts.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ export type TopHitsResultsKeys = 'top_record_hits' | 'top_bucket_hits' | 'top_in
export interface AlertExecutionResult {
count: number;
key: number;
key_as_string: string;
alertInstanceKey: string;
isInterim: boolean;
jobIds: string[];
timestamp: number;
Expand Down Expand Up @@ -47,10 +47,13 @@ interface BaseAnomalyAlertDoc {
export interface RecordAnomalyAlertDoc extends BaseAnomalyAlertDoc {
result_type: typeof ANOMALY_RESULT_TYPE.RECORD;
function: string;
field_name: string;
by_field_value: string | number;
over_field_value: string | number;
partition_field_value: string | number;
field_name?: string;
by_field_name?: string;
by_field_value?: string | number;
over_field_name?: string;
over_field_value?: string | number;
partition_field_name?: string;
partition_field_value?: string | number;
}

export interface BucketAnomalyAlertDoc extends BaseAnomalyAlertDoc {
Expand Down
61 changes: 51 additions & 10 deletions x-pack/plugins/ml/server/lib/alerts/alerting_service.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,8 +180,11 @@ export function alertingServiceProvider(mlClient: MlClient, esClient: Elasticsea
'is_interim',
'function',
'field_name',
'by_field_name',
'by_field_value',
'over_field_name',
'over_field_value',
'partition_field_name',
'partition_field_value',
'job_id',
],
Expand Down Expand Up @@ -260,6 +263,26 @@ export function alertingServiceProvider(mlClient: MlClient, esClient: Elasticsea
};
};

/**
* Provides unique key for the anomaly result.
*/
const getAlertInstanceKey = (source: any): string => {
let alertInstanceKey = `${source.job_id}_${source.timestamp}`;
if (source.result_type === ANOMALY_RESULT_TYPE.INFLUENCER) {
alertInstanceKey += `_${source.influencer_field_name}_${source.influencer_field_value}`;
} else if (source.result_type === ANOMALY_RESULT_TYPE.RECORD) {
const fieldName =
source.field_name ??
source.by_field_name ??
source.over_field_name ??
source.partition_field_name;
const fieldValue =
source.by_field_value ?? source.over_field_value ?? source.partition_field_value;
alertInstanceKey += `_${source.function}_${fieldName}_${fieldValue}`;
}
return alertInstanceKey;
};

/**
* Builds a request body
* @param params
Expand Down Expand Up @@ -373,19 +396,22 @@ export function alertingServiceProvider(mlClient: MlClient, esClient: Elasticsea
const aggTypeResults = v[resultsLabel.aggGroupLabel];
const requestedAnomalies = aggTypeResults[resultsLabel.topHitsLabel].hits.hits;

const topAnomaly = requestedAnomalies[0];
const alertInstanceKey = getAlertInstanceKey(topAnomaly._source);

return {
count: aggTypeResults.doc_count,
key: v.key,
key_as_string: v.key_as_string,
alertInstanceKey,
jobIds: [...new Set(requestedAnomalies.map((h) => h._source.job_id))],
isInterim: requestedAnomalies.some((h) => h._source.is_interim),
timestamp: requestedAnomalies[0]._source.timestamp,
timestampIso8601: requestedAnomalies[0].fields.timestamp_iso8601[0],
timestampEpoch: requestedAnomalies[0].fields.timestamp_epoch[0],
score: requestedAnomalies[0].fields.score[0],
timestamp: topAnomaly._source.timestamp,
timestampIso8601: topAnomaly.fields.timestamp_iso8601[0],
timestampEpoch: topAnomaly.fields.timestamp_epoch[0],
score: topAnomaly.fields.score[0],
bucketRange: {
start: requestedAnomalies[0].fields.start[0],
end: requestedAnomalies[0].fields.end[0],
start: topAnomaly.fields.start[0],
end: topAnomaly.fields.end[0],
},
topRecords: v.record_results.top_record_hits.hits.hits.map((h) => ({
...h._source,
Expand Down Expand Up @@ -482,11 +508,14 @@ export function alertingServiceProvider(mlClient: MlClient, esClient: Elasticsea
/**
* Return the result of an alert condition execution.
*
* @param params
* @param params - Alert params
* @param publicBaseUrl
* @param alertId - Alert ID
*/
execute: async (
params: MlAnomalyDetectionAlertParams,
publicBaseUrl: string | undefined
publicBaseUrl: string | undefined,
alertId: string
): Promise<AnomalyDetectionAlertContext | undefined> => {
const res = await fetchAnomalies(params);

Expand All @@ -501,7 +530,7 @@ export function alertingServiceProvider(mlClient: MlClient, esClient: Elasticsea

const executionResult = {
...result,
name: result.key_as_string,
name: result.alertInstanceKey,
anomalyExplorerUrl,
kibanaBaseUrl: publicBaseUrl!,
};
Expand Down Expand Up @@ -529,6 +558,18 @@ export function alertingServiceProvider(mlClient: MlClient, esClient: Elasticsea
},
},
},
{
nested: {
path: 'kibana.saved_objects',
query: {
term: {
'kibana.saved_objects.id': {
value: alertId,
},
},
},
},
},
],
},
},
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/ml/server/lib/alerts/register_anomaly_detection_alert_type.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,13 +123,13 @@ export function registerAnomalyDetectionAlertType({
},
producer: PLUGIN_ID,
minimumLicenseRequired: MINIMUM_FULL_LICENSE,
async executor({ services, params }) {
async executor({ services, params, alertId }) {
const fakeRequest = {} as KibanaRequest;
const { execute } = mlSharedServices.alertingServiceProvider(
services.savedObjectsClient,
fakeRequest
);
const executionResult = await execute(params, publicBaseUrl);
const executionResult = await execute(params, publicBaseUrl, alertId);

if (executionResult) {
const alertInstanceName = executionResult.name;
Expand Down

0 comments on commit f393a0f

Please sign in to comment.