[jira] [Commented] (METRON-1301) Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records

Tue, 07 Nov 2017 08:35:12 -0800 

    [ 
https://issues.apache.org/jira/browse/METRON-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16242332#comment-16242332
 ] 

ASF GitHub Bot commented on METRON-1301:
----------------------------------------

Github user cestella commented on a diff in the pull request:

    https://github.com/apache/metron/pull/832#discussion_r149428796
  
    --- Diff: 
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchDao.java
 ---
    @@ -234,26 +366,43 @@ public synchronized void init(AccessConfig config) {
         if(this.client == null) {
           this.client = 
ElasticsearchUtils.getClient(config.getGlobalConfigSupplier().get(), 
config.getOptionalSettings());
           this.accessConfig = config;
    +      this.columnMetadataDao = new 
ElasticsearchColumnMetadataDao(this.client.admin(), 
Collections.singletonList(".kibana"));
    --- End diff --
    
    I'm almost always in favor of having hard coded things passed in via config 
files.  It gets us out of jams and almost every time I've convinced myself that 
it's not necessary, it totally is.  How convinced are you that we are only ever 
going to need one ignored index?
    
    If you have doubts, then I'd probably add something to the 
`application.yml` which gets set in the AccessConfig object when we set up the 
index in the IndexConfig from `metron-rest`.


> Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records
> ---------------------------------------------------------------------
>
>                 Key: METRON-1301
>                 URL: https://issues.apache.org/jira/browse/METRON-1301
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>            Reporter: Nick Allen
>            Assignee: Nick Allen
>             Fix For: Next + 1
>
>         Attachments: 01-Alerts-UI-default-view.png, 02-Sort-on-Score-field.png
>
>
> Sorting on a field like threat triage score in the Alerts UI removes any 
> records that do not have a threat triage score defined from the search 
> results.
> For example, I have 7 records when sorted by timestamp.  All 7 records have a 
> timestamp field.
> After sorting by score (threat triage score) there are only 5 records.  The 2 
> records missing a threat triage score are no longer included.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to