From ad157011e3991f2476526730220ad013305f69b2 Mon Sep 17 00:00:00 2001
From: Zacqary Adam Xeper
Date: Fri, 6 Oct 2023 12:16:09 -0500
Subject: [PATCH] [RAM] Fix alert summary by adding end time to untracked alerts (#168032)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## Summary Fixes #167832 Untracking an alert will now add its end time to the alert document, which will correctly filter it out of the active alerts histogram. ### Before ![image](https://github.com/elastic/kibana/assets/12370520/04cda410-757c-4111-988a-c2e0ac4d2a96) ### After Screenshot 2023-10-04 at 12 48 13 PM
---
.../lib/set_alerts_to_untracked.test.ts | 21 +++++++++++++++++--
.../lib/set_alerts_to_untracked.ts | 12 ++++++++---
2 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.test.ts
index 8b8d6407fdcbf..14bdb6c2b5fed 100644
--- a/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.test.ts
+++ b/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.test.ts
@@ -16,6 +16,10 @@ let logger: ReturnType;
 describe('setAlertsToUntracked()', () => {
 beforeEach(() => {
+ jest.useFakeTimers();
+ const date = '2023-03-28T22:27:28.159Z';
+ jest.setSystemTime(new Date(date));
+
 logger = loggingSystemMock.createLogger();
 clusterClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
 clusterClient.search.mockResponse({
@@ -32,6 +36,11 @@ describe('setAlertsToUntracked()', () => {
 },
 });
 });
+
+ afterAll(() => {
+ jest.useRealTimers();
+ });
+
 test('should call updateByQuery on provided ruleIds', async () => {
 await setAlertsToUntracked({
 logger,
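Review bot: The fake clock is installed in `beforeEach` (hunk at -16,6) but restored only once, in `afterAll` (hunk at -32,6), so setup and teardown are not paired and the frozen system time stays in force between the tests of this file. Pairing it as `afterEach(() => { jest.useRealTimers(); });`, or moving the `jest.useFakeTimers()` / `jest.setSystemTime(...)` calls into a `beforeAll`, would make the scope explicit. A comment above `jest.useFakeTimers()` such as `// Freeze the clock: the untrack script embeds the current time` would also explain why the timestamp in the expected script is fixed. The `describe` block continues outside both hunks.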
@@ -83,8 +92,12 @@ describe('setAlertsToUntracked()', () => {
 "source": "
 if (!ctx._source.containsKey('kibana.alert.status') || ctx._source['kibana.alert.status'].empty) {
 ctx._source.kibana.alert.status = 'untracked';
+ ctx._source.kibana.alert.end = '2023-03-28T22:27:28.159Z';
+ ctx._source.kibana.alert.time_range.lte = '2023-03-28T22:27:28.159Z';
 } else {
- ctx._source['kibana.alert.status'] = 'untracked'
+ ctx._source['kibana.alert.status'] = 'untracked';
+ ctx._source['kibana.alert.end'] = '2023-03-28T22:27:28.159Z';
+ ctx._source['kibana.alert.time_range'].lte = '2023-03-28T22:27:28.159Z';
 }",
 },
 },
@@ -147,8 +160,12 @@ describe('setAlertsToUntracked()', () => {
 "source": "
 if (!ctx._source.containsKey('kibana.alert.status') || ctx._source['kibana.alert.status'].empty) {
 ctx._source.kibana.alert.status = 'untracked';
+ ctx._source.kibana.alert.end = '2023-03-28T22:27:28.159Z';
+ ctx._source.kibana.alert.time_range.lte = '2023-03-28T22:27:28.159Z';
 } else {
- ctx._source['kibana.alert.status'] = 'untracked'
+ ctx._source['kibana.alert.status'] = 'untracked';
+ ctx._source['kibana.alert.end'] = '2023-03-28T22:27:28.159Z';
+ ctx._source['kibana.alert.time_range'].lte = '2023-03-28T22:27:28.159Z';
 }",
 },
 },
diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.ts b/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.ts
index 4fd9f116205e9..d7cb0a62aa982 100644
--- a/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.ts
+++ b/x-pack/plugins/alerting/server/alerts_service/lib/set_alerts_to_untracked.ts
@@ -9,12 +9,14 @@ import { isEmpty } from 'lodash';
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { Logger } from '@kbn/logging';
 import {
+ ALERT_END,
 ALERT_RULE_CONSUMER,
 ALERT_RULE_TYPE_ID,
 ALERT_RULE_UUID,
 ALERT_STATUS,
 ALERT_STATUS_ACTIVE,
 ALERT_STATUS_UNTRACKED,
+ ALERT_TIME_RANGE,
 ALERT_UUID,
 } from '@kbn/rule-data-utils';
@@ -134,7 +136,7 @@ export async function setAlertsToUntracked({
 body: {
 conflicts: 'proceed',
 script: {
- source: UNTRACK_UPDATE_PAINLESS_SCRIPT,
+ source: getUntrackUpdatePainlessScript(new Date()),
 lang: 'painless',
 },
 query: {
@@ -183,9 +185,13 @@ export async function setAlertsToUntracked({
 }
 // Certain rule types don't flatten their AAD values, apply the ALERT_STATUS key to them directly
-const UNTRACK_UPDATE_PAINLESS_SCRIPT = `
+const getUntrackUpdatePainlessScript = (now: Date) => `
 if (!ctx._source.containsKey('${ALERT_STATUS}') || ctx._source['${ALERT_STATUS}'].empty) {
 ctx._source.${ALERT_STATUS} = '${ALERT_STATUS_UNTRACKED}';
+ ctx._source.${ALERT_END} = '${now.toISOString()}';
+ ctx._source.${ALERT_TIME_RANGE}.lte = '${now.toISOString()}';
 } else {
- ctx._source['${ALERT_STATUS}'] = '${ALERT_STATUS_UNTRACKED}'
+ ctx._source['${ALERT_STATUS}'] = '${ALERT_STATUS_UNTRACKED}';
+ ctx._source['${ALERT_END}'] = '${now.toISOString()}';
+ ctx._source['${ALERT_TIME_RANGE}'].lte = '${now.toISOString()}';
 }`;
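Review bot: Building the script with `getUntrackUpdatePainlessScript(new Date())` makes the `source` string different on every call, so Elasticsearch sees a new script each time and cannot reuse a compiled one; under load that can run into the script compilation rate limit. Passing the timestamp as a script parameter keeps the source constant: add `params: { now: new Date().toISOString() }` beside `lang: 'painless'` and read `params.now` in the script (hunk at -183,9) instead of interpolating `'${now.toISOString()}'`. It also keeps a runtime value out of the script text, which is the safer habit should the script ever take caller-supplied data. The `setAlertsToUntracked` body continues outside the hunk.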
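Review bot: Both new `.lte` assignments dereference the time range without checking that it exists: `ctx._source.${ALERT_TIME_RANGE}.lte = ...` and `ctx._source['${ALERT_TIME_RANGE}'].lte = ...` would throw in Painless for an alert document that has no `kibana.alert.time_range` value. Whether such documents exist is not visible from this patch (alerts written before the field was introduced are a likely candidate), but a script error is not a version conflict, so `conflicts: 'proceed'` would presumably not skip it. A guard in each branch, for example `if (ctx._source['${ALERT_TIME_RANGE}'] != null) { ctx._source['${ALERT_TIME_RANGE}'].lte = ...; }`, would still let the status and end time be written for those documents. The four `now.toISOString()` calls could also be computed once into a local before the template.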