[
https://issues.apache.org/jira/browse/METRON-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16210117#comment-16210117
]
ASF GitHub Bot commented on METRON-1262:
----------------------------------------
GitHub user merrimanr opened a pull request:
https://github.com/apache/metron/pull/806
METRON-1262: Unable to add comment for a alert in a meta-alert
## Contributor Comments
This PR fixes a bug in the ElasticsearchMetaalertDao class (description is
in the Jira). I verified it in full dev using the following steps:
1. Search for alerts in an index (you need a couple guids) with the
http://node1:8082/swagger-ui.html#!/search-controller/searchUsingPOST endpoint.
I used the alerts_ui_e2e data set that can be created with
`https://github.com/apache/metron/blob/master/metron-interface/metron-alerts/e2e/mock-data/setup.sh`:
```
{
  "from": 0,
  "indices": [
    "alerts_ui_e2e"
  ],
  "query": "*",
  "size": 5
}
```
2. Pick a couple guids from the previous step and use the
http://node1:8082/swagger-ui.html#!/meta-alert-controller/createUsingPOST
endpoint to create a metaalert:
```
{
  "groups": [
    "string"
  ],
  "guidToIndices": {
    "c4c5e418-3938-099e-bb0d-37028a98dca8": "alerts_ui_e2e",
    "fa91598f-51b2-2b60-11f2-6fbabc162b7e": "alerts_ui_e2e"
  }
}
```
3. Use the
http://node1:8082/swagger-ui.html#!/search-controller/searchUsingPOST endpoint
to validate the metaalert you created in the previous step:
```
{
  "from": 0,
  "indices": [
    "metaalert"
  ],
  "query": "*",
  "size": 5
}
```
4. Update one of the alerts with the
http://node1:8082/swagger-ui.html#!/update-controller/patchUsingPATCH endpoint:
```
{
  "guid": "c4c5e418-3938-099e-bb0d-37028a98dca8",
  "index": "alerts_ui_e2e_index",
  "patch": [
    {
      "op": "add",
      "path": "/comments",
      "value": [
        {
          "comment": "aaa",
          "username": "admin",
          "timestamp": 1508251594109
        },
        {
          "comment": "aaa",
          "username": "admin",
          "timestamp": 1508251398188
        },
        {
          "comment": "abcd",
          "username": "admin",
          "timestamp": 1508251201985
        },
        {
          "comment": "ccc",
          "username": "admin",
          "timestamp": 1508244721089
        },
        {
          "comment": "c123",
          "username": "admin",
          "timestamp": 1508244381778
        }
      ]
    }
  ]
}
```
5. Rerun the metadata search with the
http://node1:8082/swagger-ui.html#!/search-controller/searchUsingPOST endpoint:
```
{
  "from": 0,
  "indices": [
    "metaalert"
  ],
  "query": "*",
  "size": 5
}
```
The alert you updated should also have the same update within the
metaalert. Both alerts should also be present.
A couple of things I want to point out:
- I ran into a NoSuchMethod error and had to remove an old jackson
dependency from metron-elasticsearch pom.xml. It was a pretty old dependency
and I haven't seen any issues since.
- I added a "guid" field to MetaAlertCreateResponse class. I believe this
makes it more useful when waiting on a metaalert create to propagate.
- It was convenient to include both the patch and replace operations in the
same test. I can split these out if desired (it will make the test more
verbose and add a duplicate test setup).
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
for the complete guide to follow for contributions.
Please refer also to our [Build Verification
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow
these guidelines and ask you to double check the following:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? If not one needs to
be created at [Metron
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [ ] Does your PR title start with METRON-XXXX where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically master)?
### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been
executed in the root metron folder via:
```
mvn -q clean integration-test install && build_utils/verify_licenses.sh
```
- [x] Have you written or updated unit tests and or integration tests to
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [x] Have you verified the basic functionality of the build by building
and running locally with Vagrant full-dev environment or the equivalent?
### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in
which it is rendered by building and verifying the site-book? If not then run
the following commands and the verify changes via
`site-book/target/site/index.html`:
```
cd site-book
mvn site
```
#### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up
for your personal repository such that your branches are built there before
submitting a pull request.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/merrimanr/incubator-metron metaalert-alert-update
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/metron/pull/806.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #806
----
commit 28bb5c13199a483d9c8c51bb782293050a429fe9
Author: merrimanr <[email protected]>
Date: 2017-10-17T16:15:24Z
initial commit
commit 3aa4c158c11c1a72e2e80a9fa2e98a6f1be57348
Author: merrimanr <[email protected]>
Date: 2017-10-17T16:16:07Z
Merge remote-tracking branch 'mirror/master' into METRON-1255
commit bc923540e3a33225d458db9505045cf062d553f2
Author: merrimanr <[email protected]>
Date: 2017-10-17T18:02:49Z
resolved merge conflicts
commit 22e7462f2a6cae917bffc5c4b39f10b579848e63
Author: merrimanr <[email protected]>
Date: 2017-10-18T19:53:43Z
initial commit
commit 319e130d13ca58bb6ebead96250fed9a7fe5cfae
Author: merrimanr <[email protected]>
Date: 2017-10-18T21:28:04Z
Merge remote-tracking branch 'mirror/master' into metaalert-alert-update
# Conflicts:
# metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
# metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchMetaAlertIntegrationTest.java
commit 7bb7d946fc1b400a3ff0ed1a79a029650609387a
Author: merrimanr <[email protected]>
Date: 2017-10-18T21:43:28Z
fixed a couple findUpdatedDoc statements
----
> Unable to add comment for a alert in a meta-alert
> -------------------------------------------------
>
> Key: METRON-1262
> URL: https://issues.apache.org/jira/browse/METRON-1262
> Project: Metron
> Issue Type: Bug
> Reporter: Ryan Merriman
> Assignee: Ryan Merriman
>
> Create a meta alert with multiple alerts.
> Retrieve the alert using findone
> {code:java}
> {
>   "guid": "<guid-of-meta-alert>",
>   "sensorType": "metaalert"
> }
> {code}
> Apply the below patch
> {code:java}
> {
>   "patch": [
>     {
>       "op": "add",
>       "path": "/comments",
>       "value": [
>         {
>           "comment": "aaa",
>           "username": "admin",
>           "timestamp": 1508251594109
>         },
>         {
>           "comment": "aaa",
>           "username": "admin",
>           "timestamp": 1508251398188
>         },
>         {
>           "comment": "abcd",
>           "username": "admin",
>           "timestamp": 1508251201985
>         },
>         {
>           "comment": "ccc",
>           "username": "admin",
>           "timestamp": 1508244721089
>         },
>         {
>           "comment": "c123",
>           "username": "admin",
>           "timestamp": 1508244381778
>         }
>       ]
>     }
>   ],
>   "guid": "<one-of-the-alert-in-meta-alert>",
>   "sensorType": "<sensor-type>"
> }
> {code}
> Run find one again; you will notice all the alerts are missing except the one
> on which the patch is applied
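
The check behind step 5 of the verification and the symptom in the Jira description, as an added example (not code from the PR or from Metron): it compares a meta-alert document before and after a child alert is patched. The `alert` list field name, the helper names, the `meta-1` guid and the sample documents are assumptions constructed for illustration.

```python
import copy

def apply_add(doc, path, value):
    """Apply a JSON Patch 'add' to a top-level member, as in step 4."""
    patched = copy.deepcopy(doc)
    patched[path.lstrip("/")] = copy.deepcopy(value)
    return patched

def propagate(metaalert, updated_alert):
    """Copy an updated child alert into the meta-alert, keeping its siblings."""
    result = copy.deepcopy(metaalert)
    result["alert"] = [updated_alert if a["guid"] == updated_alert["guid"] else a
                       for a in result["alert"]]
    return result

def check_metaalert(before, after, patched_guid, expected_comments):
    """Return a list of problems; an empty list means the expectation holds."""
    problems = []
    missing = ({a["guid"] for a in before["alert"]}
               - {a["guid"] for a in after["alert"]})
    if missing:
        problems.append("child alerts dropped: " + ", ".join(sorted(missing)))
    child = next((a for a in after["alert"] if a["guid"] == patched_guid), None)
    if child is None or child.get("comments") != expected_comments:
        problems.append("patched alert does not carry the update")
    return problems

# Constructed sample documents; "alert" as the nested list field is an assumption.
GUID_A = "c4c5e418-3938-099e-bb0d-37028a98dca8"
GUID_B = "fa91598f-51b2-2b60-11f2-6fbabc162b7e"
COMMENTS = [{"comment": "aaa", "username": "admin", "timestamp": 1508251594109}]
BEFORE = {"guid": "meta-1", "alert": [{"guid": GUID_A}, {"guid": GUID_B}]}
UPDATED = apply_add({"guid": GUID_A}, "/comments", COMMENTS)
# Expected state: both alerts present, the patched one carrying the comments.
GOOD = propagate(BEFORE, UPDATED)
# State described in the Jira: only the patched alert is left in the meta-alert.
BAD = {"guid": "meta-1", "alert": [UPDATED]}

if __name__ == "__main__":
    print(check_metaalert(BEFORE, GOOD, GUID_A, COMMENTS))
    print(check_metaalert(BEFORE, BAD, GUID_A, COMMENTS))
```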