Properly handle matched and meta fields, always return sentiment aggregations

This commit is contained in:
Mark Veidemanis 2023-02-09 21:41:00 +00:00
parent c67d89c978
commit f4273e4453
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
2 changed files with 17 additions and 8 deletions

View File

@ -358,12 +358,12 @@ class ElasticsearchBackend(StorageBackend):
add_top.append(range_query)
self.add_bool(search_query, add_bool)
self.add_top(search_query, add_top)
if "sentiment" in data:
search_query["aggs"] = {
"avg_sentiment": {
"avg": {"field": "sentiment"},
}
# if "sentiment" in data:
search_query["aggs"] = {
"avg_sentiment": {
"avg": {"field": "sentiment"},
}
}
return search_query
@ -374,8 +374,12 @@ class ElasticsearchBackend(StorageBackend):
for index, (meta, result) in result_map.items():
# Default to true, if no aggs are found, we still want to match
match = True
print("RULE OBJECT", rule_object.aggs)
print("META", meta)
for agg_name, (operator, number) in rule_object.aggs.items():
if agg_name in meta:
print("AGG NAME", agg_name, "OPERATOR", operator, "NUMBER", number)
if agg_name in meta["aggs"]:
agg_value = meta["aggs"][agg_name]["value"]
# TODO: simplify this, match is default to True

View File

@ -291,11 +291,12 @@ class NotificationRuleData(object):
"""
new_aggs = {}
for agg_name, agg in aggs.items():
print("ITER", agg_name, agg)
# Already checked membership below
op, value = self.aggs[agg_name]
new_aggs[agg_name] = f"{agg['value']}{op}{value}"
return
return new_aggs
def reform_matches(self, index, matches, meta, mode):
if not isinstance(matches, list):
@ -362,6 +363,7 @@ class NotificationRuleData(object):
# We hit the return above if we don't need to notify
if "aggs" in meta and "matched" not in meta:
meta["matched"] = self.format_aggs(meta["aggs"])
print("MATCHED", meta["matched"])
rule_notify(self.object, index, message, meta)
self.store_match(index, message)
await self.ingest_matches(index, message, meta, mode)
@ -545,7 +547,10 @@ class NotificationRuleData(object):
)
if self.policy != "default":
raise RuleParseError(
f"Cannot use {self.cleaned_data['policy']} policy with on-demand rules",
(
f"Cannot use {self.cleaned_data['policy']} policy with "
"on-demand rules"
),
"policy",
)