prevent spike rule crash when reference time window is empty

jertel · Jan 23, 2025 · ba3a3d1 · ba3a3d1
1 parent 667be2b
commit ba3a3d1
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,7 @@
 - Upgrade dependency tencentcloud-sdk-python to 3.0.1295 - [#1599](https://github.com/jertel/elastalert2/pull/1599) - @jertel
 - Upgrade dependency twilio to 9.4.1 - [#1599](https://github.com/jertel/elastalert2/pull/1599) - @jertel
 - [Spike] Fixes spike rule error when no data exists in the current time window - [#1605](https://github.com/jertel/elastalert2/pull/1605) - @jertel
+- [Spike] Fixes spike rule error when no data exists in the reference time window - [#1610](https://github.com/jertel/elastalert2/pull/1610) - @jertel
 
 # 2.22.0
 

diff --git a/elastalert/ruletypes.py b/elastalert/ruletypes.py
@@ -523,7 +523,7 @@ def add_match(self, match, qk):
     def find_matches(self, ref, cur):
         """ Determines if an event spike or dip happening. """
         # Apply threshold limits
-        if self.field_value is None and cur is not None:
+        if self.field_value is None and cur is not None and ref is not None:
             if (cur < self.rules.get('threshold_cur', 0) or
                     ref < self.rules.get('threshold_ref', 0)):
                 return False

diff --git a/tests/rules_test.py b/tests/rules_test.py
@@ -266,6 +266,19 @@ def test_spike_no_data():
     assert not result
 
 
+def test_spike_no_ref_data():
+    rules = {'threshold_ref': 10,
+             'spike_height': 2,
+             'timeframe': datetime.timedelta(seconds=10),
+             'spike_type': 'both',
+             'timestamp_field': '@timestamp',
+             'query_key': 'foo.bar.baz',
+             'field_value': None}
+    rule = SpikeRule(rules)
+    result = rule.find_matches(None, 1)
+    assert not result
+
+
 def test_spike():
     # Events are 1 per second
     events = hits(100, timestamp_field='ts')