diff --git a/core/db/elastic.py b/core/db/elastic.py index 3311ef3..807039c 100644 --- a/core/db/elastic.py +++ b/core/db/elastic.py @@ -260,8 +260,8 @@ class ElasticsearchBackend(StorageBackend): range_query = { "range": { "ts": { - "gt": f"now-{rule_object.window}/d", - "lt": "now/d", + "gte": f"now-{rule_object.window}/d", + "lte": "now/d", } } } @@ -284,6 +284,8 @@ class ElasticsearchBackend(StorageBackend): search_query, index=index, ) + self.log.debug(f"Running scheduled query on {index}: {search_query}") + self.log.debug(f"Response from scheduled query: {response}") if isinstance(response, Exception): error = response.info["error"]["root_cause"][0]["reason"] self.log.error(f"Error running scheduled search: {error}") diff --git a/core/lib/rules.py b/core/lib/rules.py index e01be5d..92981c2 100644 --- a/core/lib/rules.py +++ b/core/lib/rules.py @@ -205,6 +205,7 @@ class NotificationRuleData(object): A rule has matched. """ current_match = self.get_match(index) + log.debug(f"Rule matched: {index} - current match: {current_match}") if current_match is False: # Matched now, but not before formatted_aggs = self.format_aggs(aggs) @@ -216,6 +217,7 @@ class NotificationRuleData(object): A rule has not matched. """ current_match = self.get_match(index) + log.debug(f"Rule not matched: {index} - current match: {current_match}") if current_match is True: # Matched before, but not now if self.object.send_empty: