[ 
https://issues.apache.org/jira/browse/METRON-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16217851#comment-16217851
 ] 

ASF GitHub Bot commented on METRON-1272:
----------------------------------------

Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/metron/pull/811#discussion_r146712573
  
    --- Diff: 
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchDao.java
 ---
    @@ -174,21 +175,34 @@ protected SearchResponse search(SearchRequest 
searchRequest, QueryBuilder queryB
     
       @Override
       public GroupResponse group(GroupRequest groupRequest) throws 
InvalidSearchException {
    -    if(client == null) {
    +    return group(groupRequest, new 
QueryStringQueryBuilder(groupRequest.getQuery()));
    +  }
    +
    +  /**
    +   * Defers to a provided {@link 
org.elasticsearch.index.query.QueryBuilder} for the query.
    +   * @param groupRequest The request defining the parameters of the 
grouping
    +   * @param queryBuilder The actual query to be run. Intended for if the 
SearchRequest requires wrapping
    +   * @return The results of the query
    +   * @throws InvalidSearchException When the query is malformed or the 
current state doesn't allow search
    +   */
    --- End diff --
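Review bot: In the javadoc added for the two-argument group(groupRequest, queryBuilder) overload, the @param queryBuilder text reads "Intended for if the SearchRequest requires wrapping", but the request this method takes is a GroupRequest. Suggest rewording it, for example "Used when the GroupRequest's query needs to be wrapped". Separately, the "if(client == null) {" guard is removed from group(GroupRequest) at the top of the hunk, and the visible lines do not show where it went. Please confirm the overload still performs that check before it touches the client, as the @throws text ("the current state doesn't allow search") implies.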
    
    Thanks for the javadoc!


> Hide child alerts from searches and grouping if they belong to meta alerts
> --------------------------------------------------------------------------
>
>                 Key: METRON-1272
>                 URL: https://issues.apache.org/jira/browse/METRON-1272
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>
> If an alert is already grouped into a meta alert, it's nice to route 
> everything through the same query structure and allow sorting alongside them, 
> etc.  However, showing alerts that are already contained in a meta alert is 
> potential clutter for a user and gives the impression an event has occurred 
> twice if it's in a standalone alert and a metaalert.
> This should hide alerts contained in a meta alert from searches (which will 
> always match the enclosing meta alert anyway, so nothing will be lost from 
> the search).
> They should also be hidden from grouping calls, because the user has already 
> manually grouped them during prior slicing and dicing.


