Regarding alert ID, it seems like this is the kind of thing which should be
uniform for all the different types of indices: Solr and HDFS.  You might
(and probably do) want to be able to join between IDs in HDFS and ES or
Solr, for instance, so it probably shouldn't be tied to the ES ID.  We
might want to make a Metron ID that is baked into the parsers and is a
SHA-2 hash of the data.



On Fri, Feb 24, 2017 at 9:29 AM, Ryan Merriman <merrim...@gmail.com> wrote:

> Related to the 'What does "Escalate" do' question, one topic that needs
> some discussion is how we integrate with 3rd party ticketing systems.  How
> should we design this extension point?  Some basic requirements could be
> that a call is made to somewhere with the alert as the payload and some
> kind of ticket or issue id is received as a response.  This is a very
> open-ended question and there are likely several different ways we could do
> it.
>
> As for Casey's other points:
>
> - The most obvious choice for alert id would be the id in elasticsearch.
> Are there other ids we should consider?
> - Configurable display fields makes a lot of sense to me and should not be
> complex to implement.
> - Agreed on offering intuitive ways to filter messages by fields.
>
> Ryan
>
> On Thu, Feb 23, 2017 at 6:42 PM, Casey Stella <ceste...@gmail.com> wrote:
>
> >    - What does "Escalate" do exactly?
> >    - Where does the Alert ID come from?
> >    - Are the fields displayed configurable?
> >    - It'd be nice to be able to select a set of fields for a message and
> >    have the list of messages filter to just those where those fields are
> >    the same as the one viewed.
> >
> >
> > On Thu, Feb 23, 2017 at 3:24 PM, Houshang Livian <hliv...@hortonworks.com>
> > wrote:
> >
> > > Hello Metron Community,
> > >
> > > We have mocked up an Alerts UI for Metron for your consideration. Please
> > > take a look and share your thoughts.
> > >
> > > Here is a link to our thoughts on this:
> > > http://imgur.com/a/KMTKN
> > >
> > > Does this look like a reasonable place to start?
> > > Is there anything that is an absolute MUST have or MUST NOT have?
> > >
> > > Houshang Livian
> > >
> > >
> > >
> >
>
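
A sketch of the content-derived ID suggested in the top reply, showing why the hash has to be taken over a canonical encoding if IDs are to join across stores. This is an added example, not code from the thread or from Metron; the field names, the `STORE_FIELDS` set and the sample records are constructed assumptions.

```python
import hashlib
import json

# Assumed names of fields a store adds on write (hypothetical, not Metron's schema).
STORE_FIELDS = frozenset({"_id", "_index", "_version_"})


def canonical_bytes(message):
    """Deterministic encoding: drop store-added fields, sort keys, fix separators."""
    payload = {k: v for k, v in message.items() if k not in STORE_FIELDS}
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def alert_id(message):
    """SHA-256 (a SHA-2 function) over the canonical encoding, as hex."""
    return hashlib.sha256(canonical_bytes(message)).hexdigest()


def join_on_alert_id(left, right):
    """Pair records from two stores whose derived IDs match."""
    by_id = {alert_id(r): r for r in right}
    return [(l, by_id[alert_id(l)]) for l in left if alert_id(l) in by_id]


# Constructed sample data: one parsed event as it might sit in two stores.
HDFS_LINE = ('{"timestamp": 1487950140000, "ip_src_addr": "10.0.0.5", '
             '"source.type": "bro", "is_alert": "true"}')
HDFS_COPY = json.loads(HDFS_LINE)
# Same event from a search index: different key order plus store-added fields.
ES_COPY = {"_index": "bro_index_2017.02.24", "_id": "AVpx-constructed",
           "is_alert": "true", "source.type": "bro",
           "ip_src_addr": "10.0.0.5", "timestamp": 1487950140000}
# A different event: one field value changed.
OTHER = dict(HDFS_COPY, ip_src_addr="10.0.0.6")

if __name__ == "__main__":
    print(alert_id(HDFS_COPY))
    print(alert_id(ES_COPY) == alert_id(HDFS_COPY))
    print(len(join_on_alert_id([ES_COPY, OTHER], [HDFS_COPY])))
```

Two events with identical field values produce the same ID under this scheme, so whether that counts as deduplication or as a collision has to be decided when the ID is designed.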
