opensearch-project / alerting

📟 Get notified when your data meets certain conditions by setting up monitors, alerts, and notifications
https://opensearch.org/docs/latest/monitoring-plugins/alerting/index/
Apache License 2.0

Add an _exists_ check to document level monitor queries #1425

Closed jowg-amazon closed 7 months ago

jowg-amazon commented 7 months ago

Issue #, if available: #854

Description of changes: Related to https://github.com/opensearch-project/security-analytics/pull/852

Checks if _exists_ is present in the query. If it is, then replace the value with the field name and the correctly appended index name and monitor id.

CheckList:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.
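A worked example of the rewrite the description above refers to, added here as illustration and not code from the alerting plugin (which is written in Kotlin): given the field names a document-level monitor query references, it suffixes each `field:value` clause and, the case this PR adds, each `_exists_:field` clause, where the field name sits in the value position and is missed by a rewrite that only looks for `field:` prefixes. The suffix layout `<field>_<index>_<monitorId>`, the function names, and the sample query are assumptions for the example; the page only says the index name and monitor id are appended. `handle_exists=False` reproduces the pre-PR behaviour so the two outputs can be compared, and `unrewritten_references` is the check a reviewer would want: any clause it returns still names a bare field, so that clause is evaluated against a field the per-monitor query index does not hold and can never match the documents it was written for.

```python
import re

# Assumed suffix layout for this example: the page only says the index
# name and monitor id are appended to the field name.
def suffixed(field: str, index_name: str, monitor_id: str) -> str:
    return f"{field}_{index_name}_{monitor_id}"


def rewrite_doc_level_query(query: str, fields: list[str], index_name: str,
                            monitor_id: str, handle_exists: bool = True) -> str:
    """Rewrite `query` so every reference to a name in `fields` points at the
    per-monitor copy of that field.

    With handle_exists=False the function shows the gap this PR closes:
    `field:value` clauses are rewritten, but `_exists_:field`, where the
    field name is the clause *value* rather than its prefix, is left alone.
    """
    out = query
    # Longest names first so a rewrite of `user` never clobbers `user.name`.
    for field in sorted(fields, key=len, reverse=True):
        new = suffixed(field, index_name, monitor_id)
        if handle_exists:
            # `_exists_:<field>` carries the field name as the value; the
            # lookahead stops `user` from matching inside `user.name`.
            out = re.sub(rf"_exists_:\s*{re.escape(field)}(?![\w.])",
                         f"_exists_:{new}", out)
        # Ordinary `<field>:<value>` clauses; the lookbehind stops `name:`
        # from matching inside `user.name:`.
        out = re.sub(rf"(?<![\w.]){re.escape(field)}:", f"{new}:", out)
    return out


def unrewritten_references(query: str, fields: list[str], index_name: str,
                           monitor_id: str) -> list[str]:
    """Check: return clauses that still name a bare field after the rewrite.

    Only `field:` and `_exists_:field` forms count, so a field name that
    merely appears as a value (e.g. `status:user`) is not reported.
    An empty list means every field reference was rewritten.
    """
    leftovers = []
    for field in fields:
        f = re.escape(field)
        pattern = rf"(?<![\w.])(?:_exists_:\s*{f}(?![\w.])|{f}:)"
        leftovers.extend(m.group(0) for m in re.finditer(pattern, query))
    return leftovers


if __name__ == "__main__":
    # Constructed sample input, not taken from the project.
    query = "_exists_:user.name AND status:failed"
    fields = ["user.name", "status"]
    fixed = rewrite_doc_level_query(query, fields, "logs", "m1")
    unfixed = rewrite_doc_level_query(query, fields, "logs", "m1",
                                      handle_exists=False)
    print("with fix:   ", fixed)
    print("without fix:", unfixed)
    print("leftover bare references without fix:",
          unrewritten_references(unfixed, fields, "logs", "m1"))
```

Run as a script it prints the rewritten query with and without the `_exists_` handling; the second form leaves `_exists_:user.name` untouched, and the check reports exactly that clause.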

jowg-amazon commented 7 months ago

@eirsep OpenSearch allows null to be passed in as a value, so a not-null check would be different from an exists check. We want to check whether or not the field even exists in the document, not whether the field is null.

jowg-amazon commented 7 months ago

shouldn't there be : between exists and ?

@eirsep Removed the _exists_ flag so it parses to find wherever the query is _exists_: <field name> and transforms the

opensearch-trigger-bot[bot] commented 7 months ago

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/alerting/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/alerting/backport-2.x
# Create a new branch
git switch --create backport-1425-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 afa4f5d131a7075593c56efb61ba95d01ad82ebe
# Push it to GitHub
git push --set-upstream origin backport-1425-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/alerting/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport-1425-to-2.x.

opensearch-trigger-bot[bot] commented 5 months ago

The backport to 2.11 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/alerting/backport-2.11 2.11
# Navigate to the new working tree
pushd ../.worktrees/alerting/backport-2.11
# Create a new branch
git switch --create backport-1425-to-2.11
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 afa4f5d131a7075593c56efb61ba95d01ad82ebe
# Push it to GitHub
git push --set-upstream origin backport-1425-to-2.11
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/alerting/backport-2.11

Then, create a pull request where the base branch is 2.11 and the compare/head branch is backport-1425-to-2.11.