[jira] [Commented] (METRON-1421) Create a SolrMetaAlertDao

Wed, 09 May 2018 15:10:39 -0700 

    [ 
https://issues.apache.org/jira/browse/METRON-1421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469582#comment-16469582
 ] 

ASF GitHub Bot commented on METRON-1421:
----------------------------------------

Github user merrimanr commented on the issue:

    https://github.com/apache/metron/pull/970
  
    I spun this up in full dev and ran through all the tests in the test plan 
above.  Everything in this plan worked.  I also added a step in each test to 
perform a search on alert fields and verified the metaalert was returned when 
appropriate (status is active and contained an alert with the matching field).  
The request is similar to:
    ```
    curl -u user:password -X POST --header 'Content-Type: application/json' 
--header 'Accept: application/json' -d '{
      "fields": [
        "guid","ip_dst_addr"
      ],
      "from": 0,
      "indices": [
        "metaalert"
      ],
      "query": "ip_dst_addr:192.168.66.121",
      "size": 10
    }' 'http://node1:8082/api/v1/search/search'
    ```
    
    I did find a few cases that did not work.  For the first one, I performed 
these steps:
    
    - Created a metaalert with a single alert
    - Removed the alert from the metaalert
    - Added the alert back to the metaalert
    
    After this when I did a findOne on the metaalert, I get a 404.  The 
metaalert still shows up in searches however.
    
    For the next one I performed these steps:
    
    - Created a metaalert from an alert
    - Created another metaalert from the same alert
    - Removed the alert from the first metaalert
    
    When I try to remove the alert from the second metaalert, I get false and 
the alert is still in the second metaalert.  The second metaalert is also still 
contained in the metaalerts field of the alert.
    
    These seem like pretty unusual edge cases but I thought I should report 
them anyways since it could be indicative of a deeper issue.


> Create a SolrMetaAlertDao
> -------------------------
>
>                 Key: METRON-1421
>                 URL: https://issues.apache.org/jira/browse/METRON-1421
>             Project: Metron
>          Issue Type: Sub-task
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>            Priority: Major
>
> Create an implementation of the MetaAlertDao for Solr. This will involve 
> implementing the various MetaAlertDao methods using the SolrJ library and 
> also providing a SolrMetaAlertIntegrationTest (similar to 
> ElasticsearchMetaAlertIntegrationTest).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to