Skip to content

fix: apply custom dedup rules to pulled alerts (closes #5370)#6242

Open
jyoti369 wants to merge 3 commits intokeephq:mainfrom
jyoti369:fix/pulled-alerts-custom-dedup
Open

fix: apply custom dedup rules to pulled alerts (closes #5370)#6242
jyoti369 wants to merge 3 commits intokeephq:mainfrom
jyoti369:fix/pulled-alerts-custom-dedup

Conversation

@jyoti369
Copy link
Copy Markdown
Contributor

@jyoti369 jyoti369 commented Apr 11, 2026
edited by cursor bot
Loading

Summary

Fixes #5370 - Prometheus (and all other) providers now respect custom deduplication rules when pulling alerts.

Root Cause

Custom dedup rules (fingerprint_fields) were applied in format_alert() (webhook path) but not in get_alerts() (pull path). When alerts are pulled via the provider's _get_alerts() method, the fingerprint from the source system was used as-is, ignoring any user-configured fingerprint_fields.

For Prometheus specifically, the native fingerprint is based on alertname alone, so alerts with different labels (e.g. env_dc, group) were incorrectly matching as duplicates:

echo -n 'NodeLowDiskSpace4Hours' | sha256sum
6211e97de90695be41b49c773306001204872a6ebb36f4aa72a5bbd998ce7ac5

Fix

Added custom dedup rule application to BaseProvider.get_alerts(), mirroring the existing logic in format_alert(). This means ALL providers benefit from the fix when pulling alerts, not just Prometheus.

Changed files:

  • keep/providers/base/base_provider.py - Apply get_custom_deduplication_rule + get_alert_fingerprint in get_alerts() after setting provider metadata
  • tests/test_get_alerts_custom_dedup.py - Unit tests verifying custom dedup rules are applied to pulled alerts

Testing

Added 3 unit tests:

  1. Custom dedup rule overwrites native fingerprint (different labels produce different fingerprints)
  2. No custom rule preserves original fingerprint
  3. Dot-notation field access works for nested label keys (matches issue reporter's labels.alertname, labels.env_dc, labels.group config)

Note

Medium Risk
Changes how alert fingerprints are computed for all pulled alerts when a tenant has custom dedup rules, which can affect deduplication/grouping behavior across the system. Scope is small and covered by new unit tests, but behavior changes may impact existing alert correlation expectations.

Overview
Pulled alerts returned by BaseProvider.get_alerts() now respect tenant custom deduplication rules by recalculating each alert’s fingerprint using the configured fingerprint_fields (mirroring the existing webhook format_alert() behavior).

Adds unit tests to ensure a custom rule overwrites the source/native fingerprint, the original fingerprint is preserved when no rule exists, and dot-notation field paths (e.g. labels.env_dc) work when building the fingerprint.

Reviewed by Cursor Bugbot for commit 492a69e. Bugbot is set up for automated code reviews on this repo. Configure here.

@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Apr 11, 2026
@jyoti369 jyoti369 mentioned this pull request Apr 11, 2026
Open
shahargl
shahargl previously approved these changes Apr 12, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@shahargl shahargl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Apr 12, 2026
@shahargl
Copy link
Copy Markdown
Member

shahargl commented Apr 12, 2026

@jyoti369 UTs fails:

=========================== short test summary info ============================
FAILED tests/test_get_alerts_custom_dedup.py::TestGetAlertsCustomDedup::test_custom_dedup_rule_overwrites_fingerprint - TypeError: Can't instantiate abstract class BaseProvider with abstract methods dispose, validate_config
FAILED tests/test_get_alerts_custom_dedup.py::TestGetAlertsCustomDedup::test_custom_dedup_with_dot_notation_fields - TypeError: Can't instantiate abstract class BaseProvider with abstract methods dispose, validate_config
FAILED tests/test_get_alerts_custom_dedup.py::TestGetAlertsCustomDedup::test_no_custom_rule_keeps_original_fingerprint - TypeError: Can't instantiate abstract class BaseProvider with abstract methods dispose, validate_config
====== 3 failed, 935 passed, 83 skipped, 13 warnings in 166.56s (0:02:46) ======

@jyoti369
fix: apply custom dedup rules to pulled alerts in get_alerts()
ab10545 
Custom deduplication rules (fingerprint_fields) were only applied to
webhook alerts via format_alert() but not to pulled alerts via
get_alerts(). This caused providers like Prometheus to ignore custom
fingerprint fields when pulling alerts, generating fingerprints based
on alertname alone instead of the configured fields.

Add the same custom dedup rule application to get_alerts() so pulled
alerts also respect user-configured fingerprint_fields.

Closes keephq#5370
@jyoti369 jyoti369 force-pushed the fix/pulled-alerts-custom-dedup branch from 492a69e to ab10545 Compare April 12, 2026 06:52
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Apr 12, 2026
@jyoti369
Copy link
Copy Markdown
Contributor Author

jyoti369 commented Apr 12, 2026

E2E failure in run-mysql-with-redis is unrelated to this PR -- it's a flaky Playwright test (test_search_by_cel[contains for nested property]) that expected 10 rows but got 20. Our PR only touches base_provider.py dedup logic and its unit test, nothing in the E2E search/filter path.

47 E2E tests passed, just this one flaked. Updating branch now to re-trigger CI.

@jyoti369
Copy link
Copy Markdown
Contributor Author

jyoti369 commented Apr 12, 2026
edited
Loading

@jyoti369 UTs fails:

=========================== short test summary info ============================
FAILED tests/test_get_alerts_custom_dedup.py::TestGetAlertsCustomDedup::test_custom_dedup_rule_overwrites_fingerprint - TypeError: Can't instantiate abstract class BaseProvider with abstract methods dispose, validate_config
FAILED tests/test_get_alerts_custom_dedup.py::TestGetAlertsCustomDedup::test_custom_dedup_with_dot_notation_fields - TypeError: Can't instantiate abstract class BaseProvider with abstract methods dispose, validate_config
FAILED tests/test_get_alerts_custom_dedup.py::TestGetAlertsCustomDedup::test_no_custom_rule_keeps_original_fingerprint - TypeError: Can't instantiate abstract class BaseProvider with abstract methods dispose, validate_config
====== 3 failed, 935 passed, 83 skipped, 13 warnings in 166.56s (0:02:46) ======

fixed this, please re-check.

@jyoti369
Copy link
Copy Markdown
Contributor Author

jyoti369 commented Apr 12, 2026
edited
Loading

@shahargl All changes are done from my side. The E2E failure (mysql-with-redis) is flaky tests unrelated to this PR - our changes only touch base_provider.py and a test file. CI has been re-triggered. Ready for re-review when you get a chance.

@jyoti369
Copy link
Copy Markdown
Contributor Author

jyoti369 commented Apr 13, 2026

@shahargl tests are fixed and CI has been re-triggered. Ready for re-review when you get a chance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahargl shahargl shahargl left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

lgtm This PR has been approved by a maintainer size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[🐛 Bug]: Prometheus provider ignores custom fingerprint fields for dedupe

2 participants

@jyoti369 @shahargl