fix: add ClickHouse-specific UPDATE syntax for alert status updates (#2090)

devin-ai-integration[bot] · arbiv · haritamar · web-flow · commit 3b870a669fa1 · 2026-01-27T17:19:17.000+02:00
ClickHouse does not support standard SQL UPDATE statements. Instead, it
requires ALTER TABLE ... UPDATE syntax for mutations.

This change adds adapter dispatch for the update_skipped_alerts and
update_sent_alerts macros to use the correct ClickHouse syntax when
running on ClickHouse adapters.

Fixes ClickHouse syntax error (Code 62) when running 'edr monitor'.

Co-authored-by: Devin AI &lt;158243242+devin-ai-integration[bot]@users.noreply.github.com&gt;
Co-authored-by: Yosef Arbiv &lt;yosef.arbiv@gmail.com&gt;
Co-authored-by: Itamar Hartstein &lt;haritamar@gmail.com&gt;
diff --git a/elementary/monitor/dbt_project/macros/alerts/manage/update_sent_alerts.sql b/elementary/monitor/dbt_project/macros/alerts/manage/update_sent_alerts.sql
@@ -1,16 +1,32 @@
 {% macro update_sent_alerts(alert_ids, sent_at) %}
     {% if execute %}
         {% if alert_ids %}
-            {% set update_sent_alerts_query %}
-                update {{ ref('elementary_cli', 'alerts_v2') }}
-                set status = 'sent',
-                    sent_at = {{ elementary.edr_cast_as_timestamp(elementary.edr_quote(sent_at)) }},
-                    updated_at = {{ elementary.edr_current_timestamp() }}
-                where alert_id in {{ elementary.strings_list_to_tuple(alert_ids) }}
-                    and status = 'pending'
-                    and {{ elementary.edr_cast_as_timestamp('detected_at') }} >= {{ elementary_cli.get_alerts_time_limit() }}
-            {% endset %}
+            {% set update_sent_alerts_query = elementary_cli.get_update_sent_alerts_query(alert_ids, sent_at) %}
             {% do elementary.run_query(update_sent_alerts_query) %}
         {% endif %}
     {% endif %}
 {% endmacro %}
+
+{% macro get_update_sent_alerts_query(alert_ids, sent_at) %}
+    {% do return(adapter.dispatch("get_update_sent_alerts_query", "elementary_cli")(alert_ids, sent_at)) %}
+{% endmacro %}
+
+{% macro default__get_update_sent_alerts_query(alert_ids, sent_at) %}
+    update {{ ref('elementary_cli', 'alerts_v2') }}
+    set status = 'sent',
+        sent_at = {{ elementary.edr_cast_as_timestamp(elementary.edr_quote(sent_at)) }},
+        updated_at = {{ elementary.edr_current_timestamp() }}
+    where alert_id in {{ elementary.strings_list_to_tuple(alert_ids) }}
+        and status = 'pending'
+        and {{ elementary.edr_cast_as_timestamp('detected_at') }} >= {{ elementary_cli.get_alerts_time_limit() }}
+{% endmacro %}
+
+{% macro clickhouse__get_update_sent_alerts_query(alert_ids, sent_at) %}
+    ALTER TABLE {{ ref('elementary_cli', 'alerts_v2') }}
+    UPDATE status = 'sent',
+        sent_at = {{ elementary.edr_cast_as_timestamp(elementary.edr_quote(sent_at)) }},
+        updated_at = {{ elementary.edr_current_timestamp() }}
+    WHERE alert_id in {{ elementary.strings_list_to_tuple(alert_ids) }}
+        and status = 'pending'
+        and {{ elementary.edr_cast_as_timestamp('detected_at') }} >= {{ elementary_cli.get_alerts_time_limit() }}
+{% endmacro %}
diff --git a/elementary/monitor/dbt_project/macros/alerts/manage/update_skipped_alerts.sql b/elementary/monitor/dbt_project/macros/alerts/manage/update_skipped_alerts.sql
@@ -1,12 +1,24 @@
 {% macro update_skipped_alerts(alert_ids) %}
     {% if execute %}
         {% if alert_ids %}
-            {% set update_skipped_alerts_query %}
-                UPDATE {{ ref('elementary_cli', 'alerts_v2') }} set status = 'skipped', updated_at = {{ elementary.edr_current_timestamp() }}
-                WHERE alert_id IN {{ elementary.strings_list_to_tuple(alert_ids) }} and status = 'pending' and
-                    {{ elementary.edr_cast_as_timestamp('detected_at') }} >= {{ elementary_cli.get_alerts_time_limit() }}
-            {% endset %}
+            {% set update_skipped_alerts_query = elementary_cli.get_update_skipped_alerts_query(alert_ids) %}
             {% do elementary.run_query(update_skipped_alerts_query) %}
         {% endif %}
     {% endif %}
-{% endmacro %}
+{% endmacro %}
+
+{% macro get_update_skipped_alerts_query(alert_ids) %}
+    {% do return(adapter.dispatch("get_update_skipped_alerts_query", "elementary_cli")(alert_ids)) %}
+{% endmacro %}
+
+{% macro default__get_update_skipped_alerts_query(alert_ids) %}
+    UPDATE {{ ref('elementary_cli', 'alerts_v2') }} set status = 'skipped', updated_at = {{ elementary.edr_current_timestamp() }}
+    WHERE alert_id IN {{ elementary.strings_list_to_tuple(alert_ids) }} and status = 'pending' and
+        {{ elementary.edr_cast_as_timestamp('detected_at') }} >= {{ elementary_cli.get_alerts_time_limit() }}
+{% endmacro %}
+
+{% macro clickhouse__get_update_skipped_alerts_query(alert_ids) %}
+    ALTER TABLE {{ ref('elementary_cli', 'alerts_v2') }} UPDATE status = 'skipped', updated_at = {{ elementary.edr_current_timestamp() }}
+    WHERE alert_id IN {{ elementary.strings_list_to_tuple(alert_ids) }} and status = 'pending' and
+        {{ elementary.edr_cast_as_timestamp('detected_at') }} >= {{ elementary_cli.get_alerts_time_limit() }}
+{% endmacro %}
