[ https://issues.apache.org/jira/browse/METRON-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16159184#comment-16159184 ]

ASF GitHub Bot commented on METRON-1158:
----------------------------------------

Github user justinleet commented on a diff in the pull request:

    https://github.com/apache/metron/pull/734#discussion_r137874898
  
    --- Diff: metron-interface/metron-rest/README.md ---
    @@ -361,6 +363,21 @@ Request and Response objects are JSON formatted.  The 
JSON schemas are available
         * 200 - Returns sample message
         * 404 - Either Kafka topic is missing or contains no messages
     
    +### `POST /api/v1/metaalert/searchByAlert`
    +  * Description: Searches meta alerts to find any containing an alert for 
the provided GUID
    +  * Input:
    +    * guid - GUID of the alert
    +  * Returns:
    +    * 200 - Returns the meta alerts associated with this alert
    +    * 404 - Either Kafka topic is missing or contains no messages
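
Review bot: The 404 entry under `POST /api/v1/metaalert/searchByAlert` reads "Either Kafka topic is missing or contains no messages", which is the same text as the 404 line of the Kafka sample-message endpoint directly above and does not describe a meta alert search. Replace it with what a 404 means for this endpoint, or drop the line if the endpoint never returns one. The Input entry would also benefit from stating how `guid` is supplied, since the hunk header says request and response objects are JSON formatted.
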
    --- End diff --
    
    Absolutely a mistake.  Thought I'd fixed that, but apparently not.


> Build backend for grouping alerts into meta alerts
> --------------------------------------------------
>
>                 Key: METRON-1158
>                 URL: https://issues.apache.org/jira/browse/METRON-1158
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>
> We should be able to handle meta alerts (manually grouped alerts, 
> particularly from the UI) in the system. This should be integrated with the 
> DAO composition put into place with IndexDao.
> While similar to faceting (and likely resulting from slicing and dicing from 
> faceting), these need to be interacted with and queryable alongside regular 
> alerts.
> This needs to handle:
> * ES (as a starting point. This shouldn't preclude Solr)
> * Creation of meta alerts
> * Maintain update semantics for alerts
> * Handling scores when a child alert is added, updated or deleted.
> * Continue to allow regular alerts to flow through cleanly to the original 
> sensor indices.
> * Allow for querying (plus sorting and so on) alongside the original sensor 
> indices.
> * Maintain UI grouping order as the minimum of metadata.
> * This should be configured via the same indexDao definition (or at least 
> similar) as the other indexDaos.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
