elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Threshold based alert throws exception when no documents are returned #126074

Open spinscale opened 2 years ago

spinscale commented 2 years ago

Kibana version: 7.16.3

Elasticsearch version: 7.16.3

Describe the bug:

When creating a threshold-based alert (via Watcher), an exception is thrown when a null value is returned by an aggregation due to not matching any documents.

Steps to reproduce:

Run this in the Kibana console:

PUT test/_doc/1
{
  "value" : 123
}

# comment this out to see everything working
DELETE test/_doc/1

POST _watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "10h"
      }
    },
    "input": {
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            "test"
          ],
          "rest_total_hits_as_int": true,
          "body": {
            "size": 0,
            "aggs": {
              "metricAgg": {
                "avg": {
                  "field": "value"
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "script": {
        "source": "if (ctx.payload.aggregations.metricAgg.value > params.threshold) { return true; } return false;",
        "lang": "painless",
        "params": {
          "threshold": 1.2
        }
      }
    },
    "actions": {
      "logme": {
        "logging": {
          "text": "{{ctx}}"
        }
      }
    }
  }
}

Expected behavior:

No exception is thrown, as the exception should cater for this behaviour.

The fix would be to check for null in the condition (that is created by Kibana for threshold-based alerts).

if (ctx.payload.aggregations.metricAgg.value != null && ctx.payload.aggregations.metricAgg.value > params.threshold) { return true; } return false;

Additional information: https://discuss.elastic.co/t/watcher-execution-history-error-state/297139/2
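
The following is an added example, not part of the original report or of Kibana's code: a small Python check that flags watch definitions whose Painless condition reads a nullable metric aggregation without the `!= null` guard proposed above. The function names and the `NULLABLE_METRICS` set are assumptions made for illustration; the two sample watches are built from the watch in the report.

```python
import copy
import re

# Assumption: avg/min/max report "value": null when no documents match.
NULLABLE_METRICS = {"avg", "min", "max"}
AGG_REF = re.compile(r"ctx\.payload\.aggregations\.(\w+)\.value")

def nullable_aggs(watch):
    """Names of top-level metric aggregations that can come back as null."""
    body = watch["input"]["search"]["request"]["body"]
    aggs = body.get("aggs") or body.get("aggregations") or {}
    return {name for name, spec in aggs.items()
            if NULLABLE_METRICS.intersection(spec)}

def unguarded_refs(watch):
    """Aggregations the condition script reads without a '!= null' guard.

    Textual heuristic only: it does not parse Painless.
    """
    source = watch["condition"]["script"]["source"]
    findings = []
    for name in sorted(set(AGG_REF.findall(source)) & nullable_aggs(watch)):
        guard = re.compile(
            r"ctx\.payload\.aggregations\.%s\.value\s*!=\s*null" % re.escape(name))
        if not guard.search(source):
            findings.append(name)
    return findings

# The watch from the report, reduced to the parts the check reads.
REPORTED_WATCH = {
    "input": {"search": {"request": {"indices": ["test"], "body": {
        "size": 0,
        "aggs": {"metricAgg": {"avg": {"field": "value"}}}}}}},
    "condition": {"script": {
        "source": "if (ctx.payload.aggregations.metricAgg.value > params.threshold) { return true; } return false;",
        "lang": "painless",
        "params": {"threshold": 1.2}}},
}

# Same watch with the null-checked condition proposed in the report.
FIXED_WATCH = copy.deepcopy(REPORTED_WATCH)
FIXED_WATCH["condition"]["script"]["source"] = (
    "if (ctx.payload.aggregations.metricAgg.value != null && "
    "ctx.payload.aggregations.metricAgg.value > params.threshold) "
    "{ return true; } return false;")

if __name__ == "__main__":
    print("reported:", unguarded_refs(REPORTED_WATCH))
    print("fixed:   ", unguarded_refs(FIXED_WATCH))
```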

elasticmachine commented 2 years ago

Pinging @elastic/response-ops (Team:ResponseOps)

elasticmachine commented 2 years ago

Pinging @elastic/platform-deployment-management (Team:Deployment Management)

elasticmachine commented 1 month ago

Pinging @elastic/kibana-management (Team:Kibana Management)