diff --git a/plugins/events-correlation-engine/src/javaRestTest/java/org/opensearch/plugin/correlation/EventsCorrelationPluginRestIT.java b/plugins/events-correlation-engine/src/javaRestTest/java/org/opensearch/plugin/correlation/EventsCorrelationPluginRestIT.java index e042ea119989c..bcc0ff4b8500b 100644 --- a/plugins/events-correlation-engine/src/javaRestTest/java/org/opensearch/plugin/correlation/EventsCorrelationPluginRestIT.java +++ b/plugins/events-correlation-engine/src/javaRestTest/java/org/opensearch/plugin/correlation/EventsCorrelationPluginRestIT.java @@ -136,10 +136,70 @@ public void testCorrelationWithSingleRule() throws IOException { Assert.assertEquals(1, ((Map) responseAsMap.get("neighbor_events")).size()); } + @SuppressWarnings("unchecked") + public void testSearchCorrelationsWithSingleRule() throws IOException { + String windowsIndex = "windows"; + Request request = new Request("PUT", "/" + windowsIndex); + request.setJsonEntity(windowsMappings()); + client().performRequest(request); + + String appLogsIndex = "app_logs"; + request = new Request("PUT", "/" + appLogsIndex); + request.setJsonEntity(appLogMappings()); + client().performRequest(request); + + String correlationRule = windowsToAppLogsCorrelationRule(); + request = new Request("POST", "/_correlation/rules"); + request.setJsonEntity(correlationRule); + client().performRequest(request); + + request = new Request("POST", String.format(Locale.ROOT, "/%s/_doc?refresh", windowsIndex)); + request.setJsonEntity(sampleWindowsEvent()); + Response response = client().performRequest(request); + String windowsId = responseAsMap(response).get("_id").toString(); + + request = new Request("POST", String.format(Locale.ROOT, "/%s/_doc?refresh", appLogsIndex)); + request.setJsonEntity(sampleAppLogsEvent()); + response = client().performRequest(request); + String appLogsId = responseAsMap(response).get("_id").toString(); + + request = new Request("POST", "/_correlation/events"); + request.setJsonEntity(prepareCorrelateEventRequest(windowsIndex, windowsId, true)); + client().performRequest(request); + + request = new Request("POST", "/_correlation/events"); + request.setJsonEntity(prepareCorrelateEventRequest(appLogsIndex, appLogsId, true)); + response = client().performRequest(request); + Map responseAsMap = responseAsMap(response); + Assert.assertEquals(1, ((Map) responseAsMap.get("neighbor_events")).size()); + + request = new Request("GET", prepareSearchCorrelationsRequest(windowsIndex, windowsId, "winlog.timestamp", 300000L, 5)); + response = client().performRequest(request); + responseAsMap = responseAsMap(response); + Assert.assertEquals(1, ((List) responseAsMap.get("events")).size()); + } + private String prepareCorrelateEventRequest(String index, String event) { return "{\n" + " \"index\": \"" + index + "\",\n" + " \"event\": \"" + event + "\",\n" + " \"store\": false\n" + "}"; } + private String prepareCorrelateEventRequest(String index, String event, Boolean store) { + return "{\n" + " \"index\": \"" + index + "\",\n" + " \"event\": \"" + event + "\",\n" + " \"store\": " + store + "\n" + "}"; + } + + private String prepareSearchCorrelationsRequest(String index, String event, String timestampField, Long timeWindow, int neighbors) { + return String.format( + Locale.ROOT, + "%s?index=%s&event=%s×tamp_field=%s&time_window=%s&nearby_events=%s", + "/_correlation/events", + index, + event, + timestampField, + timeWindow, + neighbors + ); + } + private String windowsToAppLogsCorrelationRule() { return "{\n" + " \"name\": \"windows to app logs\",\n" diff --git a/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/action/SearchCorrelatedEventsResponse.java b/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/action/SearchCorrelatedEventsResponse.java index ed0e8214e4343..7933bd0de2049 100644 --- a/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/action/SearchCorrelatedEventsResponse.java +++ b/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/action/SearchCorrelatedEventsResponse.java @@ -56,7 +56,7 @@ public SearchCorrelatedEventsResponse(StreamInput sin) throws IOException { @Override public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { builder.startObject().field(EVENTS, events).endObject(); - return builder.endObject(); + return builder; } @Override diff --git a/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/resthandler/RestSearchCorrelatedEventsAction.java b/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/resthandler/RestSearchCorrelatedEventsAction.java index 70c6fc5b227d0..84d2326b53090 100644 --- a/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/resthandler/RestSearchCorrelatedEventsAction.java +++ b/plugins/events-correlation-engine/src/main/java/org/opensearch/plugin/correlation/events/resthandler/RestSearchCorrelatedEventsAction.java @@ -60,6 +60,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli String timestampField = request.param("timestamp_field"); Long timeWindow = request.paramAsLong("time_window", 300000L); int noOfNearbyEvents = request.paramAsInt("nearby_events", 5); + log.info("hit here1-" + index + "-" + event); SearchCorrelatedEventsRequest correlatedEventsRequest = new SearchCorrelatedEventsRequest( index,