Merge pull request #1647 from dennis-trapp/compound-formatted

add _formatted to metric agg

Author: jertel

CHANGELOG.md

@@ -12,6 +12,7 @@
 - Fix `schema.yaml` to support Kibana 8.17 - [#1631](https://github.com/jertel/elastalert2/pull/1631) - @vpiserchia
 - [Helm] Clarified documentation around rootRulesFolder - @jertel
 - [IRIS] Fix `iris.py` to overcome a description overwriting bug - [#1643](https://github.com/jertel/elastalert2/pull/1643) - @jmolletAMNH
+- Add `metric_<metric_key>_formatted` and `metric_agg_value_formatted` to metric aggregation when using compound query keys - [#1647](https://github.com/jertel/elastalert2/pull/1647) - @dennis-trapp
 
 # 2.23.0
 

elastalert/ruletypes.py

@@ -1146,6 +1146,10 @@ def check_matches_recursive(self, timestamp, query_key, aggregation_data, compou
                     # add compound key to payload to allow alerts to trigger for every unique occurence
                     compound_value = [match_data[key] for key in self.rules['compound_query_key']]
                     match_data[self.rules['query_key']] = ",".join([str(value) for value in compound_value])
+                    metric_format_string = self.rules.get('metric_format_string', None)
+                    if metric_format_string:
+                        match_data[self.metric_key +'_formatted'] = format_string(metric_format_string, metric_val)
+                        match_data['metric_agg_value_formatted'] = format_string(metric_format_string, metric_val)
                     self.add_match(match_data)
 
     def crossed_thresholds(self, metric_value):

tests/rules_test.py

@@ -1256,6 +1256,38 @@ def test_metric_aggregation_complex_query_key():
     assert rule.matches[1]['sub_qk'] == 'sub_qk_val2'
 
 
+def test_metric_aggregation_complex_query_key_formatted():
+    rules = {'buffer_time': datetime.timedelta(minutes=5),
+             'timestamp_field': '@timestamp',
+             'metric_agg_type': 'avg',
+             'metric_agg_key': 'some_val',
+             'metric_format_string': '{:.2f}',
+             'compound_query_key': ['qk', 'sub_qk'],
+             'query_key': 'qk,sub_qk',
+             'max_threshold': 0.8}
+
+    query = {"bucket_aggs": {"buckets": [
+        {"metric_some_val_avg": {"value": 1000.9133333}, "key": "sub_qk_val1"},
+        {"metric_some_val_avg": {"value": 10.9}, "key": "sub_qk_val2"},
+        {"metric_some_val_avg": {"value": 0.89999}, "key": "sub_qk_val3"}]
+    }, "key": "qk_val"}
+
+    rule = MetricAggregationRule(rules)
+    rule.check_matches(datetime.datetime.now(), 'qk_val', query)
+    assert len(rule.matches) == 3
+    assert rule.matches[0]['qk'] == 'qk_val'
+    assert rule.matches[1]['qk'] == 'qk_val'
+    assert rule.matches[0]['sub_qk'] == 'sub_qk_val1'
+    assert rule.matches[1]['sub_qk'] == 'sub_qk_val2'
+    assert rule.matches[1]['sub_qk'] == 'sub_qk_val2'
+    assert rule.matches[0]['metric_agg_value_formatted'] == '1000.91'
+    assert rule.matches[0]["metric_some_val_avg_formatted"] == "1000.91"
+    assert rule.matches[1]['metric_agg_value_formatted'] == '10.90'
+    assert rule.matches[1]["metric_some_val_avg_formatted"] == "10.90"
+    assert rule.matches[2]['metric_agg_value_formatted'] == '0.90'
+    assert rule.matches[2]["metric_some_val_avg_formatted"] == "0.90"
+
+
 def test_metric_aggregation_complex_query_key_bucket_interval():
     rules = {'buffer_time': datetime.timedelta(minutes=5),
              'timestamp_field': '@timestamp',