[jira] [Commented] (METRON-1301) Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/METRON-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16240787#comment-16240787
 ] 

ASF GitHub Bot commented on METRON-1301:
----------------------------------------

Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/metron/pull/832#discussion_r149184792
  
    --- Diff: 
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchSearchSubmitter.java
 ---
    @@ -0,0 +1,138 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.metron.elasticsearch.dao;
    +
    +import org.apache.commons.lang3.ArrayUtils;
    +import org.apache.commons.lang3.exception.ExceptionUtils;
    +import org.apache.metron.elasticsearch.utils.ElasticsearchUtils;
    +import org.apache.metron.indexing.dao.search.InvalidSearchException;
    +import org.elasticsearch.action.search.SearchPhaseExecutionException;
    +import org.elasticsearch.action.search.SearchRequest;
    +import org.elasticsearch.action.search.SearchResponse;
    +import org.elasticsearch.action.search.ShardSearchFailure;
    +import org.elasticsearch.client.transport.TransportClient;
    +import org.elasticsearch.rest.RestStatus;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import java.lang.invoke.MethodHandles;
    +
    +/**
    + * Responsible for submitting searches to Elasticsearch.
    + */
    +public class ElasticsearchSearchSubmitter {
    +
    +  private static final Logger LOG = 
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    +
    +  /**
    +   * The Elasticsearch client.
    +   */
    +  private TransportClient client;
    +
    +  public ElasticsearchSearchSubmitter(TransportClient client) {
    +    this.client = client;
    +  }
    +
    +  /**
    +   * Submit a search to Elasticsearch.
    +   * @param request A search request.
    +   * @return The search response.
    +   */
    +  public SearchResponse submitSearch(SearchRequest request) throws 
InvalidSearchException {
    +    LOG.debug("About to submit a search; request={}", 
ElasticsearchUtils.toJSON(request));
    +
    +    // submit the search request
    +    org.elasticsearch.action.search.SearchResponse esResponse;
    +    try {
    +      esResponse = client
    +              .search(request)
    +              .actionGet();
    +      LOG.debug("Got Elasticsearch response; response={}", 
esResponse.toString());
    +
    +    } catch (SearchPhaseExecutionException e) {
    +      String msg = String.format(
    +              "Failed to execute search; error='%s', search='%s'",
    +              ExceptionUtils.getRootCauseMessage(e),
    +              ElasticsearchUtils.toJSON(request));
    +      LOG.error(msg, e);
    +      throw new InvalidSearchException(msg, e);
    +    }
    +
    +    // check for shard failures
    +    if(esResponse.getFailedShards() > 0) {
    --- End diff --
    
    This is the logic that will ensure similar, subtle errors that occur in 
Elasticsearch will not be masked going forward.


> Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records
> ---------------------------------------------------------------------
>
>                 Key: METRON-1301
>                 URL: https://issues.apache.org/jira/browse/METRON-1301
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>            Reporter: Nick Allen
>            Assignee: Nick Allen
>             Fix For: Next + 1
>
>         Attachments: 01-Alerts-UI-default-view.png, 02-Sort-on-Score-field.png
>
>
> Sorting on a field like threat triage score in the Alerts UI removes any 
> records that do not have a threat triage score defined from the search 
> results.
> For example, I have 7 records when sorted by timestamp.  All 7 records have a 
> timestamp field.
> After sorting by score (threat triage score) there are only 5 records.  The 2 
> records missing a threat triage score are no longer included.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)