From cc5e770852479e58884bc2d447aaa58ffae9f665 Mon Sep 17 00:00:00 2001
From: Vladimir Filonov
Date: Tue, 3 Dec 2024 17:13:08 +0400
Subject: [PATCH] Switch to last alert and fingerprints
---
 keep/api/core/db.py | 11 +++++------
 keep/api/models/db/rule.py | 4 ++--
 keep/rulesengine/rulesengine.py | 10 +++++-----
 3 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/keep/api/core/db.py b/keep/api/core/db.py
index 7b8457fa4..47129dd20 100644
--- a/keep/api/core/db.py
+++ b/keep/api/core/db.py
@@ -4265,15 +4265,15 @@ def get_workflow_executions_for_incident_or_alert(
 return results, total_count
 def is_all_alerts_resolved(
- alert_ids: Optional[List[str | UUID]] = None,
+ fingerprints: Optional[List[str]] = None,
 incident: Optional[Incident] = None,
 session: Optional[Session] = None
 ):
- return is_all_alerts_in_status(alert_ids, incident, AlertStatus.RESOLVED, session)
+ return is_all_alerts_in_status(fingerprints, incident, AlertStatus.RESOLVED, session)
 def is_all_alerts_in_status(
- alert_ids: Optional[List[str | UUID]] = None,
+ fingerprints: Optional[List[str]] = None,
 incident: Optional[Incident] = None,
 status: AlertStatus = AlertStatus.RESOLVED,
 session: Optional[Session] = None
@@ -4302,12 +4302,11 @@ def is_all_alerts_in_status(
 Alert.fingerprint == AlertEnrichment.alert_fingerprint
 ),
 )
- .group_by(Alert.fingerprint)
 .having(func.max(Alert.timestamp))
 )
- if alert_ids:
- subquery = subquery.where(Alert.id.in_(alert_ids))
+ if fingerprints:
+ subquery = subquery.where(LastAlert.fingerprint.in_(fingerprints))
 if incident:
 subquery = (
diff --git a/keep/api/models/db/rule.py b/keep/api/models/db/rule.py
index d2f13b950..edef770e4 100644
--- a/keep/api/models/db/rule.py
+++ b/keep/api/models/db/rule.py
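Review bot: In keep/api/core/db.py, `is_all_alerts_resolved` and `is_all_alerts_in_status` now take `fingerprints` but still no tenant identifier, and a fingerprint is not evidently unique across tenants the way an alert UUID was. The call in `run_rules` passes only `fingerprints`, `status` and `session`, so unless the query body (outside this hunk) already filters by tenant, a matching fingerprint from another tenant could influence whether this tenant's rule fires. Consider adding a `tenant_id: Optional[str] = None` parameter and applying `LastAlert.tenant_id == tenant_id` next to the fingerprint filter, assuming the model carries that column. A short docstring saying that the list holds fingerprints, not alert ids, would also help callers that still hold ids.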
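Review bot: In the second db.py hunk, `.group_by(Alert.fingerprint)` is removed but `.having(func.max(Alert.timestamp))` stays, leaving a HAVING clause with no GROUP BY. Depending on the backend this either treats the whole result as one group or is rejected when non-aggregated columns are selected; the select list is outside the hunk, so it needs checking on each supported database. If the last-alert table already yields one row per fingerprint, dropping the `.having(...)` line as well looks like the intended result. The new filter references `LastAlert.fingerprint`, so confirm the subquery selects from or joins `LastAlert`, since only the `Alert`/`AlertEnrichment` join condition is visible here.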
@@ -71,9 +71,9 @@ def is_all_conditions_met(self, rule_groups: List[str]):
 for condition in rule_groups
 ])
- def add_alert(self, condition, alert_id):
+ def add_alert(self, condition, fingerprint):
 self.state.setdefault(condition, [])
- self.state[condition].append(alert_id)
+ self.state[condition].append(fingerprint)
 flag_modified(self, "state")
 def get_all_alerts(self):
diff --git a/keep/rulesengine/rulesengine.py b/keep/rulesengine/rulesengine.py
index 106f3089c..08b4770b8 100644
--- a/keep/rulesengine/rulesengine.py
+++ b/keep/rulesengine/rulesengine.py
@@ -105,7 +105,7 @@ def run_rules(
 session=session,
 )
 incident = assign_alert_to_incident(
- alert_id=event.event_id,
+ fingerprint=event.fingerprint,
 incident=incident,
 tenant_id=self.tenant_id,
 session=session,
@@ -120,12 +120,12 @@ def run_rules(
 )
 rule_group = self._get_rule_group(rule, session)
- rule_group.add_alert(sub_rule, event.event_id)
+ rule_group.add_alert(sub_rule, event.fingerprint)
- alert_ids = rule_group.get_all_alerts()
+ fingerprints = rule_group.get_all_alerts()
 if rule_group.is_all_conditions_met(rule_groups) and is_all_alerts_in_status(
- alert_ids=alert_ids, status=AlertStatus.FIRING, session=session
+ fingerprints=fingerprints, status=AlertStatus.FIRING, session=session
 ):
 self.logger.info(
@@ -139,7 +139,7 @@ def run_rules(
 session=session,
 )
- incident = add_alerts_to_incident(self.tenant_id, incident, alert_ids, session=session)
+ incident = add_alerts_to_incident(self.tenant_id, incident, fingerprints, session=session)
 session.delete(rule_group)
 session.commit()
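Review bot: `self.state[condition].append(fingerprint)` in `add_alert` (keep/api/models/db/rule.py) can now store the same value many times, because repeated events of one alert presumably share a fingerprint whereas event ids were distinct. The list from `get_all_alerts` (body outside the hunk) is then handed to `is_all_alerts_in_status` and `add_alerts_to_incident` with duplicates, and the persisted state grows on every repeat. Guard the append: `if fingerprint not in self.state[condition]: self.state[condition].append(fingerprint)`. Rule groups saved before this change presumably still hold alert ids in `state`, so a comment or migration note should say how those rows are treated.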
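Review bot: The call `assign_alert_to_incident(fingerprint=event.fingerprint, ...)` in the first rulesengine.py hunk and `add_alerts_to_incident(self.tenant_id, incident, fingerprints, session=session)` in the last one depend on callee signatures this patch does not touch. The keyword call fails loudly if the parameter is still named `alert_id`, but the positional call in the last hunk would silently pass fingerprints where alert ids may be expected and attach nothing, or the wrong rows, to the incident. Confirm both callees already accept fingerprints on this branch, and pass the list by keyword in the last hunk so a mismatch raises instead of being accepted. `run_rules` starts and ends outside these hunks.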