Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add search request timeouts for correlations workflows #893

Merged
merged 4 commits into from
Mar 8, 2024
Merged

Add search request timeouts for correlations workflows #893

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0355f8f
Reinstating more leaks plugged-in for correlations workflows
goyamegh Mar 7, 2024
998c075
Add search timeouts to all correlation searches
goyamegh Mar 8, 2024
87cf6ca
Fix logging and exception messages
goyamegh Mar 8, 2024
7788f84
Change search timeout to 30 seconds
goyamegh Mar 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import org.apache.lucene.search.join.ScoreMode;
import org.opensearch.OpenSearchStatusException;
import org.opensearch.cluster.routing.Preference;
import org.opensearch.common.unit.TimeValue;
import org.opensearch.commons.alerting.model.DocLevelQuery;
import org.opensearch.core.action.ActionListener;
import org.opensearch.action.search.MultiSearchRequest;
Expand Down Expand Up @@ -132,6 +133,7 @@
searchRequest.indices(DetectorMonitorConfig.getAllFindingsIndicesPattern(logTypeName));
searchRequest.source(sourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 136 in src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java#L136 

Added line #L136 was not covered by tests
mSearchRequest.add(searchRequest);
}

Expand Down Expand Up @@ -214,6 +216,7 @@
searchRequest.indices(CorrelationRule.CORRELATION_RULE_INDEX);
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 219 in src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java#L219 

Added line #L219 was not covered by tests

client.search(searchRequest, ActionListener.wrap(response -> {
if (response.isTimedOut()) {
Expand Down Expand Up @@ -277,6 +280,7 @@
searchRequest.indices(indices.toArray(new String[]{}));
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 283 in src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java#L283 

Added line #L283 was not covered by tests

validCorrelationRules.add(rule);
validFields.add(query.get().getField());
Expand Down Expand Up @@ -377,6 +381,7 @@
searchRequest.indices(DetectorMonitorConfig.getAllFindingsIndicesPattern(categoryToQueries.getKey()));
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 384 in src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java#L384 

Added line #L384 was not covered by tests
mSearchRequest.add(searchRequest);
categoryToQueriesPairs.add(Pair.of(categoryToQueries.getKey(), categoryToQueries.getValue()));
}
Expand Down Expand Up @@ -441,6 +446,7 @@
searchRequest.indices(docSearchCriteria.getValue().indices.toArray(new String[]{}));
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 449 in src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java#L449 

Added line #L449 was not covered by tests

categories.add(docSearchCriteria.getKey());
mSearchRequest.add(searchRequest);
Expand Down Expand Up @@ -502,6 +508,7 @@
searchRequest.indices(DetectorMonitorConfig.getAllFindingsIndicesPattern(relatedDocIds.getKey()));
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 511 in src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java#L511 

Added line #L511 was not covered by tests

categories.add(relatedDocIds.getKey());
mSearchRequest.add(searchRequest);
Expand Down
13 changes: 13 additions & 0 deletions src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@
request.indices(CorrelationIndices.CORRELATION_HISTORY_INDEX_PATTERN_REGEXP);
request.source(searchSourceBuilder);
request.preference(Preference.PRIMARY_FIRST.type());
request.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 97 in src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java#L97 

Added line #L97 was not covered by tests
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why such an aggressive timeout

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We were seeing correlations tasks hanging around due to searches. Since these are system indices, we have configured a standard 10 second timeout for now, but we can discuss and make it configurable in future.


mSearchRequest.add(request);
}
Expand Down Expand Up @@ -195,6 +196,14 @@
}

public void insertOrphanFindings(String detectorType, Finding finding, float timestampFeature, Map<String, CustomLogType> logTypes) {
if (logTypes.get(detectorType) == null ) {
log.debug("[PERF-DEBUG] insertOrphanFindings detector type {} {}", detectorType, finding.getId());

Check warning on line 200 in src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java#L200 

Added line #L200 was not covered by tests
for (String key : logTypes.keySet()) {
log.debug("[PERF-DEBUG] keys {}", key);
Copy link
Member

@eirsep eirsep Mar 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plz remove perf_debug prefix in all logs

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed logging.

}
onFailure(new OpenSearchStatusException("insertOrphanFindings null log types for detector type: " + detectorType, RestStatus.INTERNAL_SERVER_ERROR));

Check warning on line 204 in src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java#L202-L204 

Added lines #L202 - L204 were not covered by tests
}

SearchRequest searchRequest = getSearchMetadataIndexRequest(detectorType, finding, logTypes);
Map<String, Object> tags = logTypes.get(detectorType).getTags();
String correlationId = tags.get("correlation_id").toString();
Expand Down Expand Up @@ -323,6 +332,7 @@
request.indices(CorrelationIndices.CORRELATION_HISTORY_INDEX_PATTERN_REGEXP);
request.source(searchSourceBuilder);
request.preference(Preference.PRIMARY_FIRST.type());
request.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 335 in src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java#L335 

Added line #L335 was not covered by tests

client.search(request, ActionListener.wrap(searchResponse -> {
if (searchResponse.isTimedOut()) {
Expand Down Expand Up @@ -407,6 +417,8 @@
} catch (Exception ex) {
onFailure(ex);
}
} else {
onFailure(new OpenSearchStatusException("Indexing failed", RestStatus.INTERNAL_SERVER_ERROR));

Check warning on line 421 in src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java#L421 

Added line #L421 was not covered by tests
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can log message convey that search timed out hence indexing failed

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed the messaging to include the response itself as timeout can be one of the responses.

}
}, this::onFailure));
} catch (Exception ex) {
Expand Down Expand Up @@ -454,6 +466,7 @@
searchRequest.indices(CorrelationIndices.CORRELATION_METADATA_INDEX);
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 469 in src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java#L469 

Added line #L469 was not covered by tests
return searchRequest;
}

Expand Down
89 changes: 44 additions & 45 deletions ...main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,13 +172,13 @@
correlateFindingAction.onFailures(new OpenSearchStatusException("Failed to create correlation Index", RestStatus.INTERNAL_SERVER_ERROR));
}
}, correlateFindingAction::onFailures));
} catch (IOException ex) {
} catch (Exception ex) {

Check warning on line 175 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L175 

Added line #L175 was not covered by tests
correlateFindingAction.onFailures(ex);
}
} else {
correlateFindingAction.start();
}
} catch (IOException e) {
} catch (Exception e) {

Check warning on line 181 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L181 

Added line #L181 was not covered by tests
throw new SecurityAnalyticsException("Unknown exception occurred", RestStatus.INTERNAL_SERVER_ERROR, e);
}
}
Expand Down Expand Up @@ -228,6 +228,7 @@
searchRequest.indices(Detector.DETECTORS_INDEX);
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 231 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L231 

Added line #L231 was not covered by tests

client.search(searchRequest, ActionListener.wrap(response -> {
if (response.isTimedOut()) {
Expand All @@ -245,8 +246,8 @@
);
Detector detector = Detector.docParse(xcp, hit.getId(), hit.getVersion());
joinEngine.onSearchDetectorResponse(detector, finding);
} catch (IOException e) {
log.error("IOException for request {}", searchRequest.toString(), e);
} catch (Exception e) {
log.error("Exception for request {}", searchRequest.toString(), e);

Check warning on line 250 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L249-L250 

Added lines #L249 - L250 were not covered by tests
onFailures(e);
}
} else {
Expand Down Expand Up @@ -277,7 +278,7 @@
} else {
getTimestampFeature(detectorType, correlatedFindings, null, correlationRules);
}
} catch (IOException ex) {
} catch (Exception ex) {

Check warning on line 281 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L281 

Added line #L281 was not covered by tests
onFailures(ex);
}
}
Expand Down Expand Up @@ -353,7 +354,8 @@
}, this::onFailures));
}, this::onFailures));
} else {
log.error(new OpenSearchStatusException("Failed to create correlation metadata Index", RestStatus.INTERNAL_SERVER_ERROR));
Exception e = new OpenSearchStatusException("Failed to create correlation metadata Index", RestStatus.INTERNAL_SERVER_ERROR);
onFailures(e);

Check warning on line 358 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L357-L358 

Added lines #L357 - L358 were not covered by tests
}
}, this::onFailures));
} else {
Expand All @@ -364,54 +366,49 @@
if (response.getHits().getHits().length == 0) {
onFailures(new ResourceNotFoundException(
"Failed to find hits in metadata index for finding id {}", request.getFinding().getId()));
}

String id = response.getHits().getHits()[0].getId();
Map<String, Object> hitSource = response.getHits().getHits()[0].getSourceAsMap();
long scoreTimestamp = (long) hitSource.get("scoreTimestamp");
} else {
String id = response.getHits().getHits()[0].getId();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty check?(i see u didnt change the code but better to add)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added this check intentionally as I was observing that the flow was continuing even when we throw the exception in the if block above. So, putting this in the else block will avoid the ArrayOutOfBoundsException then.

Map<String, Object> hitSource = response.getHits().getHits()[0].getSourceAsMap();
long scoreTimestamp = (long) hitSource.get("scoreTimestamp");

Check warning on line 372 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L370-L372 

Added lines #L370 - L372 were not covered by tests

long newScoreTimestamp = findingTimestamp - CorrelationIndices.FIXED_HISTORICAL_INTERVAL;
if (newScoreTimestamp > scoreTimestamp) {
try {
long newScoreTimestamp = findingTimestamp - CorrelationIndices.FIXED_HISTORICAL_INTERVAL;

Check warning on line 374 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L374 

Added line #L374 was not covered by tests
if (newScoreTimestamp > scoreTimestamp) {
IndexRequest scoreIndexRequest = getCorrelationMetadataIndexRequest(id, newScoreTimestamp);

client.index(scoreIndexRequest, ActionListener.wrap(indexResponse -> {
SearchRequest searchRequest = getSearchLogTypeIndexRequest();
SearchRequest searchRequest = getSearchLogTypeIndexRequest();

Check warning on line 379 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L379 

Added line #L379 was not covered by tests

client.search(searchRequest, ActionListener.wrap(searchResponse -> {
if (searchResponse.isTimedOut()) {
onFailures(new OpenSearchStatusException("Search request timed out", RestStatus.REQUEST_TIMEOUT));
}
if (searchResponse.isTimedOut()) {
onFailures(new OpenSearchStatusException("Search request timed out", RestStatus.REQUEST_TIMEOUT));

Check warning on line 383 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L383 

Added line #L383 was not covered by tests
}

SearchHit[] hits = searchResponse.getHits().getHits();
Map<String, CustomLogType> logTypes = new HashMap<>();
for (SearchHit hit : hits) {
Map<String, Object> sourceMap = hit.getSourceAsMap();
logTypes.put(sourceMap.get("name").toString(),
new CustomLogType(sourceMap));
}
SearchHit[] hits = searchResponse.getHits().getHits();
Map<String, CustomLogType> logTypes = new HashMap<>();

Check warning on line 387 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L386-L387 

Added lines #L386 - L387 were not covered by tests
for (SearchHit hit : hits) {
Map<String, Object> sourceMap = hit.getSourceAsMap();
logTypes.put(sourceMap.get("name").toString(), new CustomLogType(sourceMap));

Check warning on line 390 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L389-L390 

Added lines #L389 - L390 were not covered by tests
}

if (correlatedFindings != null) {
if (correlatedFindings.isEmpty()) {
vectorEmbeddingsEngine.insertOrphanFindings(detectorType, request.getFinding(), Long.valueOf(CorrelationIndices.FIXED_HISTORICAL_INTERVAL / 1000L).floatValue(), logTypes);
}
for (Map.Entry<String, List<String>> correlatedFinding : correlatedFindings.entrySet()) {
vectorEmbeddingsEngine.insertCorrelatedFindings(detectorType, request.getFinding(), correlatedFinding.getKey(), correlatedFinding.getValue(),
Long.valueOf(CorrelationIndices.FIXED_HISTORICAL_INTERVAL / 1000L).floatValue(), correlationRules, logTypes);
}
} else {
vectorEmbeddingsEngine.insertOrphanFindings(detectorType, orphanFinding, Long.valueOf(CorrelationIndices.FIXED_HISTORICAL_INTERVAL / 1000L).floatValue(), logTypes);
if (correlatedFindings != null) {
if (correlatedFindings.isEmpty()) {
vectorEmbeddingsEngine.insertOrphanFindings(detectorType, request.getFinding(), Long.valueOf(CorrelationIndices.FIXED_HISTORICAL_INTERVAL / 1000L).floatValue(), logTypes);

Check warning on line 395 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L395 

Added line #L395 was not covered by tests
}
}, this::onFailures));
for (Map.Entry<String, List<String>> correlatedFinding : correlatedFindings.entrySet()) {
vectorEmbeddingsEngine.insertCorrelatedFindings(detectorType, request.getFinding(), correlatedFinding.getKey(), correlatedFinding.getValue(),
Long.valueOf(CorrelationIndices.FIXED_HISTORICAL_INTERVAL / 1000L).floatValue(), correlationRules, logTypes);
}

Check warning on line 400 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L398-L400 

Added lines #L398 - L400 were not covered by tests
} else {
vectorEmbeddingsEngine.insertOrphanFindings(detectorType, orphanFinding, Long.valueOf(CorrelationIndices.FIXED_HISTORICAL_INTERVAL / 1000L).floatValue(), logTypes);

Check warning on line 402 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L402 

Added line #L402 was not covered by tests
}
}, this::onFailures));

Check warning on line 404 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L404 

Added line #L404 was not covered by tests
}, this::onFailures));
} catch (Exception ex) {
onFailures(ex);
}
} else {
float timestampFeature = Long.valueOf((findingTimestamp - scoreTimestamp) / 1000L).floatValue();
} else {
float timestampFeature = Long.valueOf((findingTimestamp - scoreTimestamp) / 1000L).floatValue();

Check warning on line 407 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L406-L407 

Added lines #L406 - L407 were not covered by tests

SearchRequest searchRequest = getSearchLogTypeIndexRequest();
insertFindings(timestampFeature, searchRequest, correlatedFindings, detectorType, correlationRules, orphanFinding);
SearchRequest searchRequest = getSearchLogTypeIndexRequest();
insertFindings(timestampFeature, searchRequest, correlatedFindings, detectorType, correlationRules, orphanFinding);

Check warning on line 410 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L409-L410 

Added lines #L409 - L410 were not covered by tests
}
}
}, this::onFailures));
}
Expand All @@ -430,6 +427,7 @@
SearchRequest searchRequest = new SearchRequest();
searchRequest.indices(LogTypeService.LOG_TYPE_INDEX);
searchRequest.source(searchSourceBuilder);
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 430 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L430 

Added line #L430 was not covered by tests
return searchRequest;
}

Expand All @@ -439,13 +437,13 @@
scoreBuilder.field("root", false);
scoreBuilder.endObject();

IndexRequest scoreIndexRequest = new IndexRequest(CorrelationIndices.CORRELATION_METADATA_INDEX)
return new IndexRequest(CorrelationIndices.CORRELATION_METADATA_INDEX)

Check warning on line 440 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L440 

Added line #L440 was not covered by tests
.id(id)
.source(scoreBuilder)
.timeout(indexTimeout)
.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
return scoreIndexRequest;
}

private void insertFindings(float timestampFeature, SearchRequest searchRequest, Map<String, List<String>> correlatedFindings, String detectorType, List<String> correlationRules, Finding orphanFinding) {
client.search(searchRequest, ActionListener.wrap(response -> {
if (response.isTimedOut()) {
Expand Down Expand Up @@ -485,6 +483,7 @@
searchRequest.indices(CorrelationIndices.CORRELATION_METADATA_INDEX);
searchRequest.source(searchSourceBuilder);
searchRequest.preference(Preference.PRIMARY_FIRST.type());
searchRequest.setCancelAfterTimeInterval(TimeValue.timeValueSeconds(10L));

Check warning on line 486 in src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java#L486 

Added line #L486 was not covered by tests

return searchRequest;
}
Expand Down
Loading