Github user justinleet commented on a diff in the pull request:

    https://github.com/apache/metron/pull/788#discussion_r143157741
  
    --- Diff: 
metron-interface/metron-alerts/src/app/alerts/alert-details/alert-details.component.ts
 ---
    @@ -133,6 +173,40 @@ export class AlertDetailsComponent implements OnInit {
         });
       }
     
    +  onAddComment() {
    +    let alertComment = new AlertComment(this.alertCommentStr, 
this.authenticationService.getCurrentUserName(), new Date().getTime());
    +    let tAlertComments = this.alertCommentsWrapper.map(alertsWrapper => 
alertsWrapper.alertComment);
    +    tAlertComments.unshift(alertComment);
    +    this.patchAlert(new Patch('add', '/comments', tAlertComments));
    +  }
    +
    +  patchAlert(patch: Patch) {
    +    let patchRequest = new PatchRequest();
    +    patchRequest.guid = this.alertSource.guid;
    +    patchRequest.index = this.alertIndex;
    +    patchRequest.patch = [patch];
    +    patchRequest.sensorType = this.alertSourceType;
    +
    +    this.updateService.patch(patchRequest).subscribe(() => {
    +      this.getData();
    +    });
    +  }
    +
    +  onDeleteComment(index: number) {
    +    let commentText =  'Do you wish to delete the comment ';
    +    if (this.alertCommentsWrapper[index].alertComment.comment.length > 25 
) {
    +      commentText += ' \'' + 
this.alertCommentsWrapper[index].alertComment.comment.substr(0, 25) + '...\'';
    +    } else {
    +      commentText += ' \'' + 
this.alertCommentsWrapper[index].alertComment.comment + '\'';
    +    }
    +
    +    
this.metronDialogBox.showConfirmationMessage(commentText).subscribe(response => 
{
    +      if (response) {
    +        this.alertCommentsWrapper.splice(index, 1);
    +        this.patchAlert(new Patch('add', '/comments', 
this.alertCommentsWrapper.map(alertsWrapper => alertsWrapper.alertComment)));
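
Review bot: In onAddComment, the comment's author and timestamp are produced in the browser (`this.authenticationService.getCurrentUserName()`, `new Date().getTime()`) and sent inside the patch body, so attribution is only as trustworthy as the client. Consider having the REST layer stamp the username from the authenticated session and the time from the server clock, or at least reject a patch whose username differs from the caller's. Separately, both onAddComment and onDeleteComment send the whole comment array as `new Patch('add', '/comments', ...)` built from the local `alertCommentsWrapper`, so two users editing the same alert can silently overwrite each other's comments, and onDeleteComment splices the local array before the patch has succeeded. A per-comment add/remove operation and an error handler on the `subscribe` in patchAlert would avoid both.
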
    --- End diff --
    
    I'm concerned that this will actually cause problems when searching comments in Elasticsearch.  Keep in mind this is theoretical, since I'm not at all an ES expert.
    
    Without comments being a [Nested Object](https://www.elastic.co/guide/en/elasticsearch/guide/current/nested-objects.html), this ends up being subject to cross object mapping (see [Object Arrays](https://www.elastic.co/guide/en/elasticsearch/guide/current/complex-core-fields.html#object-arrays)).  In fact, the actual example ES gives is on comment fields. To the best of my knowledge, this only becomes an issue when you want to do queries involving the actual comment fields (e.g. give me all of a particular user's comments between two times).  For the case of just saving off and reading back comments, it should be fine; I'm worried it'll bite us later and it won't at all be obvious why.
    
    We might want/need to actually make this a real nested field in ES, which unfortunately probably involves backend work and some maintenance of mappings / templates to ensure the field exists (which is a problem meta alerts also contend with).
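
The cross-object matching concern above, as an added example that is not part of the original comment or of the Metron code base: a small TypeScript simulation (no Elasticsearch cluster involved) of how an array of comment objects matches under the default object mapping versus a nested mapping. The `username` and `timestamp` field names and the sample comments are assumptions constructed for illustration.

```typescript
// Simulation only: models how Elasticsearch matches an array of objects.
// Field names `username` and `timestamp` are assumed, not taken from Metron.
interface AlertComment { comment: string; username: string; timestamp: number; }

// Query: "a comment by `username` with a timestamp in [from, to]".
interface CommentQuery { username: string; from: number; to: number; }

// Default `object` mapping: the array is flattened into one multi-valued
// field per property, so the pairing of username and timestamp is lost.
function flatten(comments: AlertComment[]): { usernames: string[]; timestamps: number[] } {
  return {
    usernames: comments.map((c: AlertComment) => c.username),
    timestamps: comments.map((c: AlertComment) => c.timestamp)
  };
}

// Each clause is satisfied by ANY value in the flattened field.
function matchesAsObjectArray(comments: AlertComment[], q: CommentQuery): boolean {
  const doc = flatten(comments);
  const userHit = doc.usernames.indexOf(q.username) !== -1;
  const timeHit = doc.timestamps.some((t: number) => t >= q.from && t <= q.to);
  return userHit && timeHit;
}

// `nested` mapping: each comment is indexed as its own hidden document,
// so both clauses must hold for the SAME comment.
function matchesAsNested(comments: AlertComment[], q: CommentQuery): boolean {
  return comments.some((c: AlertComment) =>
    c.username === q.username && c.timestamp >= q.from && c.timestamp <= q.to);
}

// Constructed sample alert with two comments.
const sampleComments: AlertComment[] = [
  { comment: 'escalating', username: 'alice', timestamp: 1000 },
  { comment: 'false positive', username: 'bob', timestamp: 5000 }
];

// "alice's comments between 4000 and 6000": she has none in that window,
// but the flattened form still matches (alice from one comment, 5000 from the other).
const aliceQuery: CommentQuery = { username: 'alice', from: 4000, to: 6000 };

console.log('object array match:', matchesAsObjectArray(sampleComments, aliceQuery));
console.log('nested match:', matchesAsNested(sampleComments, aliceQuery));
```

The false positive only appears when a query combines two comment fields; reading the array back or filtering on a single field behaves the same under both mappings.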

