Adding slicing capability for the open source Events/Alerts table#24958
Merged
Adding slicing capability for the open source Events/Alerts table#24958
Conversation
…n a slices fetch function has been provided.
…s not always apply to custom slices renderer.
…slices/events-open-source
Adds EventsResourceSlicesIT with ES fixtures covering all slice columns (priority, alert, event_definition_id, event_definition_type, key) and filter combinations for the POST /events/slices endpoint. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
9 tasks
…slices/events-open-source
dennisoelkers
approved these changes
Feb 26, 2026
Member
dennisoelkers
left a comment
dennisoelkers
left a comment
There was a problem hiding this comment.
No major blockers found, code/architecture looks good in general.
graylog2-server/src/main/java/org/graylog/events/search/EventsSearchService.java
Show resolved
Hide resolved
graylog2-server/src/test/java/org/graylog/events/search/EventsSearchServiceSlicesTest.java
Show resolved
Hide resolved
|
|
||
| void importMongoDBFixture(String resourcePath, Class<?> testClass); | ||
|
|
||
| long countDocumentsInMongoDBCollection(String collection); |
Member
There was a problem hiding this comment.
Not saying now, but at some point we should extract db-related methods to a GraylogBackend.DB class
…a follow-up PR we will render `DefaultQueryParamProvider` for tests by default.
laura-b-g
pushed a commit
that referenced
this pull request
Mar 2, 2026
…4958) * adding slicing capability for the open source Events/Alerts table * adding slicing capability * fix mapping * Do not provide sort info from slicing section to backend. * Cleanup parameters provided to backend when fetching slices. * Move slices renderers outside of component. * Make usage of `parseFilters` easier to read. * Cleanup * Consider slices when fetching data for entity table. * Show empty slices for event priority and type column. * Update tests * result cleanup, add mapping function * remove obsolete class * Fixing error when fetching security events. * Enable slice by action for columns in paginated entity table only when a slices fetch function has been provided. * fix default parameters * Cleanup naming * Use background color to highlight active slice, since font weight does not always apply to custom slices renderer. * Disable filters which are conflicting with active slice. * Update `EntityDataTable` test. * adding tests * Add full-backend integration tests for events slices endpoint Adds EventsResourceSlicesIT with ES fixtures covering all slice columns (priority, alert, event_definition_id, event_definition_type, key) and filter combinations for the POST /events/slices endpoint. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fixing test, adding waiting method for index * adding changelog * Disable linter hint * adding convenience method for MongoDB sanity checks after fixture imports * reverting include_all to false as this is the use case we're going for now * Use stati width for slices section. * Do not use text overflow ellipses for count badge. * Improve naming * Add close button for slice section. * Add max-height for slices list * Make sure to not remove filter when slicing by column. * Cleanup query param handling * Enable batching for updating query params, to fix edge cases. * Display slices badges in readable format. * Fix type casting * improved changelog * Fixing tests by adding `DefaultQueryParamProvider` where require. In a follow-up PR we will render `DefaultQueryParamProvider` for tests by default. * Fixing linter hint * Format code * Simplify slicing test --------- Co-authored-by: Linus Pahl <linus.pahl@graylog.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
fpetersen-gl
added a commit
that referenced
this pull request
Mar 9, 2026
* checkpoint * checkpoint * fix event creation * remove redundant code * cleanup * review suggestions * Change URN to reduce ambiguity * revert 10-minute traffic counting * Support new event definition type in event definition form * Make group_by optional * block creation of generic mongoDB event definitions * add unit test * Batch Index Stats Requests to Avoid URL Length Overflow (#25031) * Batch Index Stats Requests to Avoid URL Length Overflow * CL * refactoring * don't leak internal constant * adjust unit tests --------- Co-authored-by: Florian Petersen <188503754+fpetersen-gl@users.noreply.github.com> * Bump io.swagger.core.v3:swagger-jaxrs2-jakarta from 2.2.42 to 2.2.43 (#25114) Bumps io.swagger.core.v3:swagger-jaxrs2-jakarta from 2.2.42 to 2.2.43. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-jaxrs2-jakarta dependency-version: 2.2.43 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Feature: add numeric range aggregation support to Scripting API (#25103) * feat: add numeric range aggregation support to Scripting API Add support for numeric range aggregations in the Scripting API, allowing users to group search results into custom numeric buckets (e.g., response times 0-100ms, 100-500ms, 500ms+). New classes: - NumberRange: value class holding optional from/to Double bounds - RangeBucket: BucketSpec implementation for numeric range buckets - ESRangeHandler, OSRangeHandler (OS2/OS3): storage backend handlers Modified: - Grouping: new "ranges" field, mutually exclusive with limit/timeunit/scaling - GroupingToBucketSpecMapper: produces RangeBucket when ranges are present - AggregationSpecToPivotMapper: respects ranges in auto-interval logic - All three ViewsBackendModule classes: register RangeBucket handlers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add integration tests for range aggregation in ScriptingApiResourceIT Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * adding changelog * using more idiomatic code regarding the Optionals * improving conditional * records instead of Autovalue --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * Migrate IndexerHostsAdapter to OS java client (#25022) * switch to java client using typed interface * use raw json * add test resources * Fix documentation link for MCP Server configuration (#25107) * Add AWS STS proxy support for assume-role credentials in utils (#25072) * Add proxy support in AWS client utils * Fix CloudTrail input to use proxy settings for STS as well * Add change log * Naming nit * Expand tests, cleanup * Fix missing Assume Role field on setup wizard flow * Add Assume Role field on review page. * Bump eslint-plugin-compat (#25125) Bumps [eslint-plugin-compat](https://github.com/amilajack/eslint-plugin-compat) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/amilajack/eslint-plugin-compat/releases) - [Changelog](https://github.com/amilajack/eslint-plugin-compat/blob/main/CHANGELOG.md) - [Commits](amilajack/eslint-plugin-compat@v6.1.0...v6.2.0) --- updated-dependencies: - dependency-name: eslint-plugin-compat dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump basic-ftp from 5.0.3 to 5.2.0 in /graylog2-web-interface (#25122) Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.0.3 to 5.2.0. - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.3...v5.2.0) --- updated-dependencies: - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Change default time range for Events and Alerts to 30 days (#24950) * Change default time range for Events and Alerts to 34 days The default time range has been reduced from 180 days to 34 days to align with typical index rotation cycles (up to 33 days). This ensures queries stay within indexed data while providing complete coverage. Additionally, the Events table now uses the same default time range as the histogram. Previously, the table would search back to 1970 when no timestamp filter was specified in the URL. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * Add changelog * Fix issue number * Change from 34 to 30 days. * Add tests for fetchEvents * Remove unneeded mocking of qualifyURL --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> * Migrating some remaining JS to TS. (#25118) * Migrating some remaining JS to TS. * Fixing up ts & linter. * Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 (#25128) Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5 (#25127) Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-version: 3.5.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump org.openrewrite:rewrite-java in the openrewrite group (#25124) Bumps the openrewrite group with 1 update: [org.openrewrite:rewrite-java](https://github.com/openrewrite/rewrite). Updates `org.openrewrite:rewrite-java` from 8.73.1 to 8.73.2 - [Release notes](https://github.com/openrewrite/rewrite/releases) - [Commits](openrewrite/rewrite@v8.73.1...v8.73.2) --- updated-dependencies: - dependency-name: org.openrewrite:rewrite-java dependency-version: 8.73.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: openrewrite ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Syslog disable autorelease (#25120) * Keeping track of retained buffers, always releasing them after processing * Removed logging, added cl * Removed system.out.println from test * Try to keep track of as few ByteBufs as possible by removing the reference to already freed ones while reading from an open channel. * alternate approach to buffer release * unit tests for edge cases * CL --------- Co-authored-by: Florian Petersen <188503754+fpetersen-gl@users.noreply.github.com> * Fix input state action button going to set-up mode after stopping input. (#25058) * Fix inpit state action button going to set-up mode after stopping input. * update test --------- Co-authored-by: Laura Bergenthal-Grotlüschen <197286649+laura-b-g@users.noreply.github.com> * Bump react-window from 2.2.6 to 2.2.7 in /graylog2-web-interface (#25137) Bumps [react-window](https://github.com/bvaughn/react-window) from 2.2.6 to 2.2.7. - [Release notes](https://github.com/bvaughn/react-window/releases) - [Changelog](https://github.com/bvaughn/react-window/blob/main/CHANGELOG.md) - [Commits](bvaughn/react-window@2.2.6...2.2.7) --- updated-dependencies: - dependency-name: react-window dependency-version: 2.2.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Address Entity-table limitations (#24427) * first draft of getting a related identifier * add composite suggestion display * add computed field registry logic * fix test * add Inputs page navigation (#24970) * update dependency array * fix title rendering * enhance status provider to handle not running inputs * fix linter * dont swallow exceptions during filter parsing * fix unit test * Update graylog2-server/src/main/java/org/graylog2/database/suggestions/EntitySuggestion.java Co-authored-by: Ismail Belkacim <xd4rker@users.noreply.github.com> * fix composite filter search --------- Co-authored-by: Ousmane SAMBA <ousmane@graylog.com> Co-authored-by: Ousmane Samba <ousmane.samba@graylog.com> Co-authored-by: Mohamed OULD HOCINE <106236152+gally47@users.noreply.github.com> Co-authored-by: Laura Bergenthal-Grotlüschen <197286649+laura-b-g@users.noreply.github.com> Co-authored-by: Ismail Belkacim <xd4rker@users.noreply.github.com> * Adding slicing capability for the open source Events/Alerts table (#24958) * adding slicing capability for the open source Events/Alerts table * adding slicing capability * fix mapping * Do not provide sort info from slicing section to backend. * Cleanup parameters provided to backend when fetching slices. * Move slices renderers outside of component. * Make usage of `parseFilters` easier to read. * Cleanup * Consider slices when fetching data for entity table. * Show empty slices for event priority and type column. * Update tests * result cleanup, add mapping function * remove obsolete class * Fixing error when fetching security events. * Enable slice by action for columns in paginated entity table only when a slices fetch function has been provided. * fix default parameters * Cleanup naming * Use background color to highlight active slice, since font weight does not always apply to custom slices renderer. * Disable filters which are conflicting with active slice. * Update `EntityDataTable` test. * adding tests * Add full-backend integration tests for events slices endpoint Adds EventsResourceSlicesIT with ES fixtures covering all slice columns (priority, alert, event_definition_id, event_definition_type, key) and filter combinations for the POST /events/slices endpoint. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fixing test, adding waiting method for index * adding changelog * Disable linter hint * adding convenience method for MongoDB sanity checks after fixture imports * reverting include_all to false as this is the use case we're going for now * Use stati width for slices section. * Do not use text overflow ellipses for count badge. * Improve naming * Add close button for slice section. * Add max-height for slices list * Make sure to not remove filter when slicing by column. * Cleanup query param handling * Enable batching for updating query params, to fix edge cases. * Display slices badges in readable format. * Fix type casting * improved changelog * Fixing tests by adding `DefaultQueryParamProvider` where require. In a follow-up PR we will render `DefaultQueryParamProvider` for tests by default. * Fixing linter hint * Format code * Simplify slicing test --------- Co-authored-by: Linus Pahl <linus.pahl@graylog.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * Bump fast-xml-parser from 5.3.6 to 5.3.8 in /graylog2-web-interface (#25139) Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.6 to 5.3.8. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.8) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.3.8 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Migrate MessagesAdapterOS to OS java client (#25105) * migrate MessagesAdapterOS * fix exception parsing * rename tests * add correct durability parsing * adjust exception message * make error message backwards compatible * Showing neutral trend when delta is zero. (#25138) * Showing neutral trend when delta is zero. * Adding changelog snippet. * Unnecessary data attribute. * Render `DefaultQueryParamProvider` by default in component unit tests. (#25145) * Render DefaultQueryParamProvider by default in wrappedTestingLibrary and remove redundant test wrappers. * Fix `WidgetFocusProvider.test`. * Fixing linter hints * Fixing test * Running lint --fix & prettier (#25152) Co-authored-by: Dr. Lint-a-lot <garybot2@graylog.com> * Bump less from 4.4.1 to 4.5.1 in /graylog2-web-interface (#25166) Bumps [less](https://github.com/less/less.js) from 4.4.1 to 4.5.1. - [Release notes](https://github.com/less/less.js/releases) - [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md) - [Commits](less/less.js@v4.4.1...v4.5.1) --- updated-dependencies: - dependency-name: less dependency-version: 4.5.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Use OS java client in data node (#25134) * start migration * fix cluster/node metrics and test * fix OpensearchProcessImplTest * avoid problems with null values * fix node query * await async response * fix type * code cleanup, removal of plain json api --------- Co-authored-by: Tomas Dvorak <tomas.dvorak@graylog.com> * Migrate QuerySuggestions adapter to OS java client (#25098) * migrate QuerySuggestionsOS * remove already resolved todo * code cleanup * fix field type handling * Move common `Link` and `LinkContainer` into dedicated files. (#25146) * Move common `Link` and `LinkContainer` into dedicated files. * Updating test * Migrate `LinkToNode` tofunctional component. * Improve warning/error boxes on system input page (#25088) * first draft of getting a related identifier * add composite suggestion display * add computed field registry logic * fix test * add Inputs page navigation (#24970) * update dependency array * fix title rendering * enhance status provider to handle not running inputs * fix linter * dont swallow exceptions during filter parsing * fix unit test * refactor Inputs page notification * Update graylog2-server/src/main/java/org/graylog2/database/suggestions/EntitySuggestion.java Co-authored-by: Ismail Belkacim <xd4rker@users.noreply.github.com> * fix composite filter search * refetch input states periodically * remve useMemo --------- Co-authored-by: Maxwell Anipah <maxwell.anipah@graylog.com> Co-authored-by: Maxwell <98284293+kodjo-anipah@users.noreply.github.com> Co-authored-by: Mohamed OULD HOCINE <106236152+gally47@users.noreply.github.com> Co-authored-by: Laura Bergenthal-Grotlüschen <197286649+laura-b-g@users.noreply.github.com> Co-authored-by: Ismail Belkacim <xd4rker@users.noreply.github.com> * review feedback * fix linter warning * revert linter fix * remove unneeded jodatime usage * review feedback --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Laura Bergenthal-Grotlüschen <197286649+laura-b-g@users.noreply.github.com> Co-authored-by: Ousmane SAMBA <ousmane@graylog.com> Co-authored-by: Florian Petersen <188503754+fpetersen-gl@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jan Heise <jan.heise@graylog.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Matthias Oesterheld <33032967+moesterheld@users.noreply.github.com> Co-authored-by: Ramón Márquez <ramon.marquez@graylog.com> Co-authored-by: Dan Torrey <dan.torrey@graylog.com> Co-authored-by: Konrad Merz <konrad@graylog.com> Co-authored-by: Dennis Oelkers <dennis@graylog.com> Co-authored-by: Maxwell <98284293+kodjo-anipah@users.noreply.github.com> Co-authored-by: Ousmane Samba <ousmane.samba@graylog.com> Co-authored-by: Mohamed OULD HOCINE <106236152+gally47@users.noreply.github.com> Co-authored-by: Ismail Belkacim <xd4rker@users.noreply.github.com> Co-authored-by: Linus Pahl <linus.pahl@graylog.com> Co-authored-by: Linus Pahl <46300478+linuspahl@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Dr. Lint-a-lot <garybot2@graylog.com> Co-authored-by: Tomas Dvorak <tomas.dvorak@graylog.com> Co-authored-by: Maxwell Anipah <maxwell.anipah@graylog.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adding slicing capability for the Events/Alerts entity table in open source as a basis for the enterprise table.
Supported columns: type and priority.
Fixes https://github.com/Graylog2/graylog-plugin-enterprise/issues/12912
Fixes https://github.com/Graylog2/graylog-plugin-enterprise/issues/12910
/prd https://github.com/Graylog2/graylog-plugin-enterprise/pull/13207
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist: