fix: introduce KEEP_ALERT_FIELDS_ENABLED (#2712)
talboren authored Dec 1, 2024
1 parent 1c88c63 commit 2f7832d
Showing 2 changed files with 35 additions and 31 deletions.
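--- a/keep/api/tasks/process_event_task.py
+++ b/keep/api/tasks/process_event_task.py
@@ -40,6 +40,9 @@
 TIMES_TO_RETRY_JOB = 5 # the number of times to retry the job in case of failure
 KEEP_STORE_RAW_ALERTS = os.environ.get("KEEP_STORE_RAW_ALERTS", "false") == "true"
 KEEP_CORRELATION_ENABLED = os.environ.get("KEEP_CORRELATION_ENABLED", "true") == "true"
+KEEP_ALERT_FIELDS_ENABLED = (
+os.environ.get("KEEP_ALERT_FIELDS_ENABLED", "false") == "true"
+)
 
 logger = logging.getLogger(__name__)
 
@@ -310,37 +313,38 @@ def __handle_formatted_events(
 
 # let's save all fields to the DB so that we can use them in the future such in deduplication fields suggestions
 # todo: also use it on correlation rules suggestions
-for enriched_formatted_event in enriched_formatted_events:
-logger.debug(
-"Bulk upserting alert fields",
-extra={
-"alert_event_id": enriched_formatted_event.event_id,
-"alert_fingerprint": enriched_formatted_event.fingerprint,
-},
-)
-fields = []
-for key, value in enriched_formatted_event.dict().items():
-if isinstance(value, dict):
-for nested_key in value.keys():
-fields.append(f"{key}.{nested_key}")
-else:
-fields.append(key)
-
-bulk_upsert_alert_fields(
-tenant_id=tenant_id,
-fields=fields,
-provider_id=enriched_formatted_event.providerId,
-provider_type=enriched_formatted_event.providerType,
-session=session,
-)
+if KEEP_ALERT_FIELDS_ENABLED:
+for enriched_formatted_event in enriched_formatted_events:
+logger.debug(
+"Bulk upserting alert fields",
+extra={
+"alert_event_id": enriched_formatted_event.event_id,
+"alert_fingerprint": enriched_formatted_event.fingerprint,
+},
+)
+fields = []
+for key, value in enriched_formatted_event.dict().items():
+if isinstance(value, dict):
+for nested_key in value.keys():
+fields.append(f"{key}.{nested_key}")
+else:
+fields.append(key)
+
+bulk_upsert_alert_fields(
+tenant_id=tenant_id,
+fields=fields,
+provider_id=enriched_formatted_event.providerId,
+provider_type=enriched_formatted_event.providerType,
+session=session,
+)
 
-logger.debug(
-"Bulk upserted alert fields",
-extra={
-"alert_event_id": enriched_formatted_event.event_id,
-"alert_fingerprint": enriched_formatted_event.fingerprint,
-},
-)
+logger.debug(
+"Bulk upserted alert fields",
+extra={
+"alert_event_id": enriched_formatted_event.event_id,
+"alert_fingerprint": enriched_formatted_event.fingerprint,
+},
+)
 
 # after the alert enriched and mapped, lets send it to the elasticsearch
 elastic_client = ElasticClient(tenant_id=tenant_id)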
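Review bot: With `KEEP_ALERT_FIELDS_ENABLED` on, the loop in the second hunk still passes one field name per top-level key and per nested dict key of every event to `bulk_upsert_alert_fields`, and nothing visible here caps how many names there are or how long each is; if the nested keys originate in provider payloads (likely, but not shown in this hunk), whoever sends the alert decides how many rows each event adds. A bound applied before the upsert, with a log line when it trims, would contain that, e.g. `fields = fields[:MAX_ALERT_FIELDS]` next to a constant defined beside the flag (`MAX_ALERT_FIELDS` is a placeholder name, not something in this file). Separately, the flag defaults to `"false"` and matches only the exact string `"true"`, so an upgrade silently stops populating the data the comment above the block says feeds deduplication suggestions; that comment should state the write is opt-in, e.g. `# only when KEEP_ALERT_FIELDS_ENABLED=true (default: off) - save all fields to the DB ...`. `__handle_formatted_events` starts and ends outside the hunk.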
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "keep"
version = "0.30.6"
version = "0.30.7"
description = "Alerting. for developers, by developers."
authors = ["Keep Alerting LTD"]
packages = [{include = "keep"}]