[RAM] Fix alert summary by adding end time to untracked alerts (elast…

…ic#168032) ## Summary Fixes elastic#167832 Untracking an alert will now add its end time to the alert document, which will correctly filter it out of the active alerts histogram. ### Before ![image](https://github.com/elastic/kibana/assets/12370520/04cda410-757c-4111-988a-c2e0ac4d2a96) ### After <img width="912" alt="Screenshot 2023-10-04 at 12 48 13 PM" src="https://github.com/elastic/kibana/assets/1445834/91f6bbec-7eb1-480c-a39d-392cfe8973e1">
gbamparop · Oct 6, 2023 · ad15701 · ad15701
1 parent ecc9d9f
commit ad15701
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 5 deletions.
diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.test.ts
@@ -16,6 +16,10 @@ let logger: ReturnType<typeof loggingSystemMock['createLogger']>;
 
 describe('setAlertsToUntracked()', () => {
   beforeEach(() => {
+    jest.useFakeTimers();
+    const date = '2023-03-28T22:27:28.159Z';
+    jest.setSystemTime(new Date(date));
+
     logger = loggingSystemMock.createLogger();
     clusterClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
     clusterClient.search.mockResponse({
@@ -32,6 +36,11 @@ describe('setAlertsToUntracked()', () => {
       },
     });
   });
+
+  afterAll(() => {
+    jest.useRealTimers();
+  });
+
   test('should call updateByQuery on provided ruleIds', async () => {
     await setAlertsToUntracked({
       logger,
@@ -83,8 +92,12 @@ describe('setAlertsToUntracked()', () => {
               "source": "
       if (!ctx._source.containsKey('kibana.alert.status') || ctx._source['kibana.alert.status'].empty) {
         ctx._source.kibana.alert.status = 'untracked';
+        ctx._source.kibana.alert.end = '2023-03-28T22:27:28.159Z';
+        ctx._source.kibana.alert.time_range.lte = '2023-03-28T22:27:28.159Z';
       } else {
-        ctx._source['kibana.alert.status'] = 'untracked'
+        ctx._source['kibana.alert.status'] = 'untracked';
+        ctx._source['kibana.alert.end'] = '2023-03-28T22:27:28.159Z';
+        ctx._source['kibana.alert.time_range'].lte = '2023-03-28T22:27:28.159Z';
       }",
             },
           },
@@ -147,8 +160,12 @@ describe('setAlertsToUntracked()', () => {
               "source": "
       if (!ctx._source.containsKey('kibana.alert.status') || ctx._source['kibana.alert.status'].empty) {
         ctx._source.kibana.alert.status = 'untracked';
+        ctx._source.kibana.alert.end = '2023-03-28T22:27:28.159Z';
+        ctx._source.kibana.alert.time_range.lte = '2023-03-28T22:27:28.159Z';
       } else {
-        ctx._source['kibana.alert.status'] = 'untracked'
+        ctx._source['kibana.alert.status'] = 'untracked';
+        ctx._source['kibana.alert.end'] = '2023-03-28T22:27:28.159Z';
+        ctx._source['kibana.alert.time_range'].lte = '2023-03-28T22:27:28.159Z';
       }",
             },
           },

diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.ts b/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.ts
@@ -9,12 +9,14 @@ import { isEmpty } from 'lodash';
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { Logger } from '@kbn/logging';
 import {
+  ALERT_END,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
   ALERT_STATUS,
   ALERT_STATUS_ACTIVE,
   ALERT_STATUS_UNTRACKED,
+  ALERT_TIME_RANGE,
   ALERT_UUID,
 } from '@kbn/rule-data-utils';
 
@@ -134,7 +136,7 @@ export async function setAlertsToUntracked({
         body: {
           conflicts: 'proceed',
           script: {
-            source: UNTRACK_UPDATE_PAINLESS_SCRIPT,
+            source: getUntrackUpdatePainlessScript(new Date()),
             lang: 'painless',
           },
           query: {
@@ -183,9 +185,13 @@ export async function setAlertsToUntracked({
 }
 
 // Certain rule types don't flatten their AAD values, apply the ALERT_STATUS key to them directly
-const UNTRACK_UPDATE_PAINLESS_SCRIPT = `
+const getUntrackUpdatePainlessScript = (now: Date) => `
 if (!ctx._source.containsKey('${ALERT_STATUS}') || ctx._source['${ALERT_STATUS}'].empty) {
   ctx._source.${ALERT_STATUS} = '${ALERT_STATUS_UNTRACKED}';
+  ctx._source.${ALERT_END} = '${now.toISOString()}';
+  ctx._source.${ALERT_TIME_RANGE}.lte = '${now.toISOString()}';
 } else {
-  ctx._source['${ALERT_STATUS}'] = '${ALERT_STATUS_UNTRACKED}'
+  ctx._source['${ALERT_STATUS}'] = '${ALERT_STATUS_UNTRACKED}';
+  ctx._source['${ALERT_END}'] = '${now.toISOString()}';
+  ctx._source['${ALERT_TIME_RANGE}'].lte = '${now.toISOString()}';
 }`;