Details
-
Bug
-
Status: Done
-
Major
-
Resolution: Done
-
None
-
None
Description
The process of updating from inactive to active is slightly incomplete. Check outĀ https://github.com/apache/metron/pull/970/files#diff-b7359d01c3ffbed48b7fdaa2d32169e7R246.
Say we have these three steps:
- Metaalert is updated to inactive
- (Former) child alert is updated.
- Metaalert is made active again.
The update will be missing from the metaalert. We need to update the metaalert with the current state of any alerts (which we conveniently have because we needed to update them all anyway!). This is a problem with both ES and Solr (which shouldn't be surprising since that link is to the abstract DAO). Basically, this should just be adding all the alerts in the metaalert back into the updated version of the document before passing it to the update. It also needs an associated test case.
This fix should be made against master and pulled into the Solr branch (and the metaalerts PR afterwards). SeeĀ https://github.com/apache/metron/blob/e59059bd9707a6ca46c4137d796b8f2943f06b43/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java#L351. Main thing might just be reordering the class to build the metaalert update itself after grabbing all the alerts.
Attachments
Issue Links
- links to
