diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/get_event_log_by_type_and_status.test.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/get_event_log_by_type_and_status.test.ts
index 5ad3c2f0951ea7..a1d57387bfb60a 100644
--- a/x-pack/plugins/security_solution/server/usage/queries/utils/get_event_log_by_type_and_status.test.ts
+++ b/x-pack/plugins/security_solution/server/usage/queries/utils/get_event_log_by_type_and_status.test.ts
@@ -6,10 +6,7 @@
 */
 import type { EventLogStatusMetric } from '../../detections/rules/types';
-import {
- elasticsearchServiceMock,
- loggingSystemMock,
-} from '../../../../../../../src/core/server/mocks';
+import { elasticsearchServiceMock, loggingSystemMock } from 'src/core/server/mocks';
 import { getInitialEventLogUsage } from '../../detections/rules/get_initial_usage';
 import {
 getAllEventLogTransform,
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_categories.test.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_categories.test.ts
new file mode 100644
index 00000000000000..fc1d4c352c2f1a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_categories.test.ts
@@ -0,0 +1,153 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Top10Failure } from '../../detections/rules/types';
+import { transformCategories } from './transform_categories';
+
+describe('transform_categories', () => {
+ test('it transforms an empty array into an empty object', () => {
+ const result = transformCategories({
+ buckets: [],
+ });
+ expect(result).toEqual({});
+ });
+
+ test('it transforms a single element into a single output', () => {
+ const result = transformCategories({
+ buckets: [
+ {
+ doc_count: 6,
+ key: 'category-1',
+ },
+ ],
+ });
+ expect(result).toEqual({
+ '1': {
+ count: 6,
+ message: 'category-1',
+ },
+ });
+ });
+
+ test('it transforms 2 elements into 2 outputs', () => {
+ const result = transformCategories({
+ buckets: [
+ {
+ doc_count: 6,
+ key: 'category-1',
+ },
+ {
+ doc_count: 5,
+ key: 'category-2',
+ },
+ ],
+ });
+ expect(result).toEqual({
+ '1': {
+ count: 6,
+ message: 'category-1',
+ },
+ '2': {
+ count: 5,
+ message: 'category-2',
+ },
+ });
+ });
+
+ test('it transforms 11 elements into only 10 outputs', () => {
+ const result = transformCategories({
+ buckets: [
+ {
+ doc_count: 11,
+ key: 'category-11',
+ },
+ {
+ doc_count: 10,
+ key: 'category-10',
+ },
+ {
+ doc_count: 9,
+ key: 'category-9',
+ },
+ {
+ doc_count: 8,
+ key: 'category-8',
+ },
+ {
+ doc_count: 7,
+ key: 'category-7',
+ },
+ {
+ doc_count: 6,
+ key: 'category-6',
+ },
+ {
+ doc_count: 5,
+ key: 'category-5',
+ },
+ {
+ doc_count: 4,
+ key: 'category-4',
+ },
+ {
+ doc_count: 3,
+ key: 'category-3',
+ },
+ {
+ doc_count: 2,
+ key: 'category-2',
+ },
+ {
+ doc_count: 1,
+ key: 'category-1',
+ },
+ ],
+ });
+ expect(result).toEqual({
+ '1': {
+ message: 'category-11',
+ count: 11,
+ },
+ '2': {
+ message: 'category-10',
+ count: 10,
+ },
+ '3': {
+ message: 'category-9',
+ count: 9,
+ },
+ '4': {
+ message: 'category-8',
+ count: 8,
+ },
+ '5': {
+ message: 'category-7',
+ count: 7,
+ },
+ '6': {
+ message: 'category-6',
+ count: 6,
+ },
+ '7': {
+ message: 'category-5',
+ count: 5,
+ },
+ '8': {
+ message: 'category-4',
+ count: 4,
+ },
+ '9': {
+ message: 'category-3',
+ count: 3,
+ },
+ '10': {
+ message: 'category-2',
+ count: 2,
+ },
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_category_bucket.test.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_category_bucket.test.ts
new file mode 100644
index 00000000000000..d5c4fba616df51
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_category_bucket.test.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FailureMessage } from '../../detections/rules/types';
+import { transformCategoryBucket } from './transform_category_bucket';
+
+describe('transform_category_bucket', () => {
+ test('it will transform a bucket sent in', () => {
+ const result = transformCategoryBucket({
+ key: 'test-123',
+ doc_count: 10,
+ });
+ expect(result).toEqual({
+ message: 'test-123',
+ count: 10,
+ });
+ });
+
+ test('it will return undefined if the bucket is undefined', () => {
+ const result = transformCategoryBucket(undefined);
+ expect(result).toEqual(undefined);
+ });
+});
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.test.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.test.ts
new file mode 100644
index 00000000000000..d7299fdb375b27
--- /dev/null
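Review bot: `Top10Failure` is imported at the top of transform_categories.test.ts but never referenced, which Kibana's `@typescript-eslint/no-unused-vars` configuration reports as a lint failure; either drop the line `import type { Top10Failure } from '../../detections/rules/types';` or put it to work by typing the expected value, e.g. `const expected: Top10Failure = { '1': { count: 6, message: 'category-1' } };`, so the assertion also checks the shape against the declared type. The 11-element case only exercises truncation with buckets already sorted by descending `doc_count`; if the transform is meant to preserve the aggregation's order rather than re-sort, a one-line comment in that test recording the contract would help, since `transform_categories.ts` itself is not in this diff and I am inferring the intent from the fixtures. A case with a bucket whose `doc_count` is `0` would also pin whether zero-count categories are kept or dropped.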
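Review bot: `FailureMessage` is imported as a type in transform_category_bucket.test.ts and never used, which the repo's lint rules flag; remove the import or annotate the result, `const result: FailureMessage | undefined = transformCategoryBucket({ key: 'test-123', doc_count: 10 });`, so the test also checks the return type. In the second test `expect(result).toEqual(undefined)` works, but `expect(result).toBeUndefined();` states the intent directly and produces a clearer failure message. The test names read as sentences ("it will transform a bucket sent in"); the sibling test files in this PR use the same style, so that is consistent, but "it returns undefined for an undefined bucket" would be shorter and match the describe-name convention used elsewhere in this directory.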
+++ b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.test.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SingleEventLogStatusMetric } from '../../detections/rules/types';
+import { loggingSystemMock } from 'src/core/server/mocks';
+import {
+ getElasticLogCustomRules,
+ getEventLogAllRules,
+ getEventLogAllRulesResult,
+ getEventLogCustomRulesResult,
+ getEventLogElasticRules,
+ getEventLogElasticRulesResult,
+} from '../../detections/rules/get_metrics.mocks';
+import { transformEventLogTypeStatus } from './transform_event_log_type_status';
+
+describe('transform_event_log_type_status', () => {
+ test('returns expected transform for all rules results', () => {
+ const logger = loggingSystemMock.createLogger();
+ const result = transformEventLogTypeStatus({
+ logger,
+ aggs: getEventLogAllRules().aggregations,
+ });
+ expect(result).toEqual(getEventLogAllRulesResult());
+ });
+
+ test('returns expected transform for elastic rules results', () => {
+ const logger = loggingSystemMock.createLogger();
+ const result = transformEventLogTypeStatus({
+ logger,
+ aggs: getEventLogElasticRules().aggregations,
+ });
+ expect(result).toEqual(getEventLogElasticRulesResult());
+ });
+
+ test('returns expected transform for custom rules results', () => {
+ const logger = loggingSystemMock.createLogger();
+ const result = transformEventLogTypeStatus({
+ logger,
+ aggs: getElasticLogCustomRules().aggregations,
+ });
+ expect(result).toEqual(getEventLogCustomRulesResult());
+ });
+});
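Review bot: Each test hands the transform a mock logger but never asserts on it, so a regression that starts logging warnings or errors for these well-formed fixtures would pass unnoticed; adding `expect(logger.error).not.toHaveBeenCalled();` after each `expect(result)` costs one line per test and makes the "clean input, no diagnostics" contract explicit. `SingleEventLogStatusMetric` is imported and never used, which Kibana's lint config flags; it could type the expected result instead. The imported mock `getElasticLogCustomRules` is named unlike its siblings (`getEventLog…`) and unlike its paired `getEventLogCustomRulesResult`, which reads like a typo in `get_metrics.mocks` that this test now cements — worth renaming there in the same PR. All three cases are happy paths; `transform_event_log_type_status.ts` imports `getInitialSingleEventLogUsage` in the hunk below, which suggests a fallback when aggregations are absent or partial, and if `aggs` accepts such input that path deserves a fourth test.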
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.ts
index 85e28251f87166..486a91ab4c36e5 100644
--- a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.ts
+++ b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_event_log_type_status.ts
@@ -10,7 +10,7 @@ import type { EventLogTypeStatusAggs } from '../../types';
 import type { SingleEventLogStatusMetric } from '../../detections/rules/types';
 import { getInitialSingleEventLogUsage } from '../../detections/rules/get_initial_usage';
 import { countTotals } from './count_totals';
-import { transformSingleRuleMetric } from './transform_signle_rule_metric';
+import { transformSingleRuleMetric } from './transform_single_rule_metric';
 export interface TransformEventLogTypeStatusOptions {
 logger: Logger;
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_single_rule_metric.test.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_single_rule_metric.test.ts
new file mode 100644
index 00000000000000..b3570dc5c17ae1
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_single_rule_metric.test.ts
@@ -0,0 +1,137 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SingleEventMetric } from '../../detections/rules/types';
+import { transformSingleRuleMetric } from './transform_single_rule_metric';
+
+describe('transform_single_rule_metric', () => {
+ test('it transforms a single metric correctly', () => {
+ const result = transformSingleRuleMetric({
+ failed: {
+ doc_count: 325,
+ categories: {
+ buckets: [
+ {
+ doc_count: 163,
+ key: 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching blah frank was found This warning will continue to appear until matching index is created or this rule is disabled',
+ },
+ {
+ doc_count: 162,
+ key: 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching logs-endpoint.alerts was found This warning will continue to appear until matching index is created or this rule is disabled If you have recently enrolled agents enabled with Endpoint Security through Fleet this warning should stop once an alert is sent from an agent',
+ },
+ ],
+ },
+ cardinality: {
+ value: 2,
+ },
+ },
+ partialFailed: {
+ doc_count: 325,
+ categories: {
+ buckets: [
+ {
+ doc_count: 163,
+ key: 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching blah frank was found This warning will continue to appear until matching index is created or this rule is disabled',
+ },
+ {
+ doc_count: 162,
+ key: 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching logs-endpoint.alerts was found This warning will continue to appear until matching index is created or this rule is disabled If you have recently enrolled agents enabled with Endpoint Security through Fleet this warning should stop once an alert is sent from an agent',
+ },
+ ],
+ },
+ cardinality: {
+ value: 2,
+ },
+ },
+ succeeded: {
+ doc_count: 317,
+ cardinality: {
+ value: 5,
+ },
+ },
+ singleMetric: {
+ doc_count: 5,
+ maxTotalIndexDuration: {
+ value: 5,
+ },
+ avgTotalIndexDuration: {
+ value: 3,
+ },
+ minTotalIndexDuration: {
+ value: 2,
+ },
+ gapCount: {
+ value: 4,
+ },
+ maxGapDuration: {
+ value: 8,
+ },
+ avgGapDuration: {
+ value: 2,
+ },
+ minGapDuration: {
+ value: 9,
+ },
+ maxTotalSearchDuration: {
+ value: 4,
+ },
+ avgTotalSearchDuration: {
+ value: 2,
+ },
+ minTotalSearchDuration: {
+ value: 12,
+ },
+ },
+ });
+
+ expect(result).toEqual({
+ failed: 2,
+ top_failed: {
+ '1': {
+ message:
+ 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching blah frank was found This warning will continue to appear until matching index is created or this rule is disabled',
+ count: 163,
+ },
+ '2': {
+ message:
+ 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching logs-endpoint.alerts was found This warning will continue to appear until matching index is created or this rule is disabled If you have recently enrolled agents enabled with Endpoint Security through Fleet this warning should stop once an alert is sent from an agent',
+ count: 162,
+ },
+ },
+ partial_failure: 2,
+ top_partial_failure: {
+ '1': {
+ message:
+ 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching blah frank was found This warning will continue to appear until matching index is created or this rule is disabled',
+ count: 163,
+ },
+ '2': {
+ message:
+ 'This rule is attempting to query data from Elasticsearch indices listed in the Index pattern section of the rule definition however no index matching logs-endpoint.alerts was found This warning will continue to appear until matching index is created or this rule is disabled If you have recently enrolled agents enabled with Endpoint Security through Fleet this warning should stop once an alert is sent from an agent',
+ count: 162,
+ },
+ },
+ succeeded: 5,
+ index_duration: {
+ max: 5,
+ avg: 3,
+ min: 2,
+ },
+ search_duration: {
+ max: 4,
+ avg: 2,
+ min: 12,
+ },
+ gap_duration: {
+ max: 8,
+ avg: 2,
+ min: 9,
+ },
+ gap_count: 4,
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/transform_signle_rule_metric.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/transform_single_rule_metric.ts
similarity index 100%
rename from x-pack/plugins/security_solution/server/usage/queries/utils/transform_signle_rule_metric.ts
rename to x-pack/plugins/security_solution/server/usage/queries/utils/transform_single_rule_metric.ts
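Review bot: The fixture uses values where `min` exceeds `max` (`minGapDuration: 9` against `maxGapDuration: 8`, `minTotalSearchDuration: 12` against `maxTotalSearchDuration: 4`), which is a sound way to prove each field is mapped individually rather than derived, but without a comment the next reader will take it for a data-entry mistake; a one-line comment above `singleMetric: {`, `// deliberately distinct, non-monotonic values per field so a swapped mapping is caught`, would settle that. `SingleEventMetric` is imported and never used, which the repo's lint config flags; it could type the expected object instead. The single test covers only the fully populated case: Elasticsearch min/max/avg metric aggregations report `value: null` when no documents match and `categories.buckets` can be empty, so a second case feeding `{ value: null }` and `buckets: []` would pin how the transform reports those (`null`, `0`, or omitted) instead of leaving it to the implementation. Separately, the fixture shows rule failure messages, including user index names such as `logs-endpoint.alerts`, being copied verbatim into `top_failed`; if that is the intended telemetry payload, saying so in the test name or a comment makes the data-handling decision explicit rather than incidental.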