|
|
|
|
@ -310,7 +310,6 @@ class NotificationRuleData(object):
|
|
|
|
|
"""
|
|
|
|
|
new_aggs = {}
|
|
|
|
|
for agg_name, agg in aggs.items():
|
|
|
|
|
# Already checked membership below
|
|
|
|
|
if agg_name in self.aggs:
|
|
|
|
|
op, value = self.aggs[agg_name]
|
|
|
|
|
new_aggs[agg_name] = f"{agg['value']}{op}{value}"
|
|
|
|
|
@ -382,7 +381,9 @@ class NotificationRuleData(object):
|
|
|
|
|
# We hit the return above if we don't need to notify
|
|
|
|
|
meta["matched"] = self.format_matched(message)
|
|
|
|
|
if "aggs" in meta:
|
|
|
|
|
meta["matched"] = self.format_aggs(meta["aggs"])
|
|
|
|
|
aggs_formatted = self.format_aggs(meta["aggs"])
|
|
|
|
|
if aggs_formatted:
|
|
|
|
|
meta["matched_aggs"] = aggs_formatted
|
|
|
|
|
|
|
|
|
|
rule_notify(self.object, index, message, meta)
|
|
|
|
|
self.store_match(index, message)
|
|
|
|
|
@ -414,8 +415,9 @@ class NotificationRuleData(object):
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
# We hit the return above if we don't need to notify
|
|
|
|
|
if "aggs" in meta and "matched" not in meta:
|
|
|
|
|
meta["matched"] = self.format_aggs(meta["aggs"])
|
|
|
|
|
meta["matched"] = self.format_matched(message)
|
|
|
|
|
if "aggs" in meta:
|
|
|
|
|
meta["format_aggs"] = self.format_aggs(meta["aggs"])
|
|
|
|
|
rule_notify(self.object, index, message, meta)
|
|
|
|
|
self.store_match(index, message)
|
|
|
|
|
self.ingest_matches_sync(index, message, meta, mode)
|
|
|
|
|
|
