[Inventory rule] Fix bug in inventory rule for Inbound and Outbound traffic threshold (both preview and executor) (#177997)

Fixes #177912 ## Summary This PR fixes the wrong threshold value in the preview and execution of the inventory rule type for both Inbound and Outbound traffic. |Before|After| |---|---| |![image](48434ee0-4a0d-4fee-9fd1-e60bcb31f216)| ## 🧪 How to test - Adjust data forge package and hard code a specific value for ingress and/or egress - For example, I changed this [line](https://github.com/elastic/kibana/blob/main/x-pack/packages/kbn-data-forge/src/data_sources/fake_hosts/index.ts#L100) to `bytes: 64,`, then when I created a rule, I always had 8.5 bit/s (64 * 8 = 512, and 512 / 60 = 8.5) Before the fix, if I added 8 bit/s as threshold, I didn't get any alert because the value that was compared to 1.7 bit/s (8.5 / 8) was 8 instead of 1 (8 / 8) which was incorrect. <img src="a8c372c5-f5f7-4168-b329-168dbfd20101" width=500 /> - Run the data forge command to generate some data ``` node x-pack/scripts/data_forge.js \ --events-per-cycle 7 \ --lookback now-20m \ --install-kibana-assets \ --dataset fake_hosts ``` - Create an inventory rule for egress/ingress depending on which one you adjusted, and make sure the rule generates an alert correctly and the data shown in the alert table and flyout are also correct.
2025-04-24 09:48:58 -04:00 · 2024-03-05 19:07:50 +01:00 · 2024-03-05 19:07:50 +01:00 · 8f9c130a06
commit 8f9c130a06
parent 9413042274
4 changed files with 88 additions and 0 deletions
--- a/x-pack/plugins/observability_solution/infra/public/alerting/inventory/components/expression_chart.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/alerting/inventory/components/expression_chart.tsx
@ -231,4 +231,6 @@ const convertMetricValue = (metric: SnapshotMetricType, value: number) => {
 const converters: Record<string, (n: number) => number> = {
  cpu: (n) => Number(n) / 100,
  memory: (n) => Number(n) / 100,
+  tx: (n) => Number(n) / 8,
+  rx: (n) => Number(n) / 8,
 };
--- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/lib/convert_metric_value.ts
+++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/lib/convert_metric_value.ts
@ -18,4 +18,6 @@ export const convertMetricValue = (metric: SnapshotMetricType, value: number) =>
 const converters: Record<string, (n: number) => number> = {
  cpu: (n) => Number(n) / 100,
  memory: (n) => Number(n) / 100,
+  tx: (n) => Number(n) / 8,
+  rx: (n) => Number(n) / 8,
 };
--- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/lib/create_bucket_selector.test.ts
+++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/lib/create_bucket_selector.test.ts
@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Comparator, InventoryMetricConditions } from '../../../../../common/alerting/metrics';
+import { createBucketSelector } from './create_bucket_selector';
+
+describe('createBucketSelector', () => {
+  it('should convert tx threshold from bits to byte', () => {
+    const inventoryMetricConditions: InventoryMetricConditions = {
+      metric: 'tx',
+      timeSize: 5,
+      timeUnit: 'm',
+      threshold: [8],
+      comparator: Comparator.GT_OR_EQ,
+      warningThreshold: [16],
+      warningComparator: Comparator.LT_OR_EQ,
+    };
+    expect(createBucketSelector('tx', inventoryMetricConditions)).toEqual({
+      selectedBucket: {
+        bucket_selector: {
+          buckets_path: {
+            shouldTrigger: 'shouldTrigger',
+            shouldWarn: 'shouldWarn',
+          },
+          script:
+            '(params.shouldWarn != null && params.shouldWarn > 0) || (params.shouldTrigger != null && params.shouldTrigger > 0)',
+        },
+      },
+      shouldTrigger: {
+        bucket_script: {
+          buckets_path: {
+            value: 'tx',
+          },
+          script: {
+            params: {
+              // Threshold has been converted from 8 bits to 1 byte
+              threshold: 1,
+            },
+            source: 'params.value >= params.threshold ? 1 : 0',
+          },
+        },
+      },
+      shouldWarn: {
+        bucket_script: {
+          buckets_path: {
+            value: 'tx',
+          },
+          script: {
+            params: {
+              // Threshold has been converted from 16 bits to 2 byte
+              threshold: 2,
+            },
+            source: 'params.value <= params.threshold ? 1 : 0',
+          },
+        },
+      },
+    });
+  });
+});
--- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/lib/create_condition_script.test.ts
+++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/lib/create_condition_script.test.ts
@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Comparator } from '../../../../../common/alerting/metrics';
+import { createConditionScript } from './create_condition_script';
+
+describe('createConditionScript', () => {
+  it('should convert tx threshold from bits to byte', () => {
+    expect(createConditionScript([8], Comparator.GT_OR_EQ, 'tx')).toEqual({
+      params: {
+        // Threshold has been converted from 8 bits to 1 byte
+        threshold: 1,
+      },
+      source: 'params.value >= params.threshold ? 1 : 0',
+    });
+  });
+});