Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152081656 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15 @@ protected void calculateMetaScores(Document metaAlert) { } metaScores = new MetaScores(scores); } + + // add a summary (max, min, avg, count, sum) of all the threat scores from the child alerts metaAlert.getDocument().putAll(metaScores.getMetaScores()); - metaAlert.getDocument().put(threatTriageField, metaScores.getMetaScores().get(threatSort)); + + // the overall threat score for the metaalert; either max, min, avg, count or sum of all child scores --- End diff -- I would not hold up the PR for this point if it is too much. Just seems that we are coding around something else.
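Review bot: In the block added after `metaAlert.getDocument().putAll(metaScores.getMetaScores());`, the new comment says the overall score is one of max, min, avg, count or sum, but the quoted hunk ends before the code that selects it. Check that whatever replaces the removed `put(threatTriageField, metaScores.getMetaScores().get(threatSort))` handles a `threatSort` value that is not a key in the summary map: a plain `get` on the map returns null in that case, and the metaalert would be written with a null value in the threat triage field that alerts are ranked on. The comment should also name the setting that chooses the aggregation and say whether `count` is really intended as a usable overall score, since it reflects how many child alerts there are rather than how severe they are.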
---