Justin Leet created METRON-1158:
-----------------------------------

             Summary: Build backend for grouping alerts into meta alerts
                 Key: METRON-1158
                 URL: https://issues.apache.org/jira/browse/METRON-1158
             Project: Metron
          Issue Type: New Feature
            Reporter: Justin Leet
            Assignee: Justin Leet


We should be able to handle meta alerts (manually grouped alerts, particularly 
from the UI) in the system. This should be integrated with the DAO composition 
put into place with IndexDao.

While similar to faceting (and likely resulting from slicing and dicing from 
faceting), these need to be interacted with and queryable alongside regular 
alerts.

This needs to handle:
* ES (as a starting point; this shouldn't preclude Solr)
* Creation of meta alerts
* Maintain update semantics for alerts
* Handling scores when a child alert is added, updated or deleted.
* Continue to allow regular alerts to flow through cleanly to the original 
sensor indices.
* Allow for querying (plus sorting and so on) alongside the original sensor 
indices.
* Maintain UI grouping order as the minimum of metadata.
* This should be configured via the same indexDao definition (or at least 
similar) as the other indexDaos.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
