[
https://issues.apache.org/jira/browse/METRON-1421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469582#comment-16469582
]
ASF GitHub Bot commented on METRON-1421:
----------------------------------------
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/970
I spun this up in full dev and ran through all the tests in the test plan
above. Everything in this plan worked. I also added a step in each test to
perform a search on alert fields and verified the metaalert was returned when
appropriate (status is active and contained an alert with the matching field).
The request is similar to:
```
curl -u user:password -X POST --header 'Content-Type: application/json'
--header 'Accept: application/json' -d '{
"fields": [
"guid","ip_dst_addr"
],
"from": 0,
"indices": [
"metaalert"
],
"query": "ip_dst_addr:192.168.66.121",
"size": 10
}' 'http://node1:8082/api/v1/search/search'
```
I did find a few cases that did not work. For the first one, I performed
these steps:
- Created a metaalert with a single alert
- Removed the alert from the metaalert
- Added the alert back to the metaalert
After this when I did a findOne on the metaalert, I get a 404. The
metaalert still shows up in searches however.
For the next one I performed these steps:
- Created a metaalert from an alert
- Created another metaalert from the same alert
- Removed the alert from the first metaalert
When I try to remove the alert from the second metaalert, I get false and
the alert is still in the second metaalert. The second metaalert is also still
contained in the metaalerts field of the alert.
These seem like pretty unusual edge cases but I thought I should report
them anyways since it could be indicative of a deeper issue.
> Create a SolrMetaAlertDao
> -------------------------
>
> Key: METRON-1421
> URL: https://issues.apache.org/jira/browse/METRON-1421
> Project: Metron
> Issue Type: Sub-task
> Reporter: Justin Leet
> Assignee: Justin Leet
> Priority: Major
>
> Create an implementation of the MetaAlertDao for Solr. This will involve
> implementing the various MetaAlertDao methods using the SolrJ library and
> also providing a SolrMetaAlertIntegrationTest (similar to
> ElasticsearchMetaAlertIntegrationTest).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)