| 756 | |
| 757 | |
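def test_count(ea):
    """Check that a count-query rule calls get_hits_count for each run_every window.

    The rule is switched to ``use_count_query`` and run between START and END
    with the Elasticsearch client factory and ``ea.get_hits_count`` mocked out.
    The test then asserts that the mock was called with every consecutive
    (start, start + run_every) pair in that range; a window that is never
    queried would be a gap in what the rule can alert on.
    """
    rule = ea.rules[0]
    rule['use_count_query'] = True
    rule['doc_type'] = 'doctype'
    with mock.patch('elastalert.elastalert.elasticsearch_client'), \
            mock.patch.object(ea, 'get_hits_count') as mock_hits:
        # NOTE(review): END is passed before START; presumably run_rule takes
        # (rule, endtime, starttime) -- confirm against its signature.
        ea.run_rule(rule, END, START)

    # Assert that get_hits_count is run against every run_every timeframe
    # between START and END. Only the window bounds are pinned; the first and
    # last positional arguments are matched with mock.ANY.
    # The strict '>' stops before the final window that ends at END, so that
    # tail segment is not asserted here, and if END - START <= run_every the
    # loop body never runs and nothing is checked.
    start = START
    while END - start > ea.run_every:
        end = start + ea.run_every
        mock_hits.assert_any_call(mock.ANY, start, end, mock.ANY)
        start = end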
| 776 | |
| 777 | |
| 778 | def run_and_assert_segmented_queries(ea, start, end, segment_size): |