Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/11/27 22:46:01 UTC

[jira] [Commented] (METRON-1158) Build backend for grouping alerts into meta alerts

    [ https://issues.apache.org/jira/browse/METRON-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267729#comment-16267729 ] 

ASF GitHub Bot commented on METRON-1158:
----------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/metron/pull/803


> Build backend for grouping alerts into meta alerts
> --------------------------------------------------
>
>                 Key: METRON-1158
>                 URL: https://issues.apache.org/jira/browse/METRON-1158
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>
> We should be able to handle meta alerts (manually grouped alerts, particularly from the UI) in the system. This should be integrated with the DAO composition put into place with IndexDao.
> While similar to faceting (and likely resulting from slicing and dicing from faceting), these need to be interacted with and queryable alongside regular alerts.
> This needs to handle:
> * ES (as a starting point. This shouldn't preclude Solr)
> * Creation of meta alerts
> * Maintain update semantics for alerts
> * Handling scores when a child alert is added, updated or deleted.
> * Continue to allow regular alerts to flow through cleanly to the original sensor indices.
> * Allow for querying (plus sorting and so on) alongside the original sensor indices.
> * Maintain UI grouping order as the minimum of metadata.
> * This should be configured via the same indexDao definition (or at least similar) as the other indexDaos.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)