I just wanted to send an update on where we are at. We've gotten a lot done here recently as you can see below.
✓ DONE (1) First, METRON-1289 needs to go in. This one was a fairly big effort and I am hearing that we are pretty close. ✓ DONE (2) METRON-1294 fixes an issue in how field types are looked-up. ✓ DONE (3) METRON-1290 is next. While this may have been fixed in M-1289, there may be some test cases we want from this PR. ✓ DONE (4) METRON-1301 addresses a problem with the sorting logic. ✓ DONE (5) METRON-1291 fixes an issue with escalation of metaalerts. (6) That leads us to Raghu's UI work in METRON-1252. This introduces the UI bits that depend on all the previous backend work. (7) At this point, we should have our best effort at running Metaalerts on Elasticsearch 2.x. I propose that we cut a release here. (8) After we cut the release, we can introduce the work for ES 5.x in METRON-939. I know we will need lots of help testing and reviewing this one. We also have an outstanding question that needs resolved BEFORE we release. We need to come to a consensus on how to release having moved our Bro Plugin to a separate repo. I don't think we've heard from everyone on this. I'd urge everyone to chime in so we can choose a path forward. If anyone is totally confused in regards to that discussion, I can try and send an options summary again as a separate discuss thread. The original chain was somewhere around here [1]. [1] https://lists.apache.org/thread.html/54a4474881b97e559df24728b3a0e923a58345a282451085eef832ef@%3Cdev.metron.apache.org%3E On Wed, Nov 15, 2017 at 10:04 AM, Nick Allen <n...@nickallen.org> wrote: > Hi Guys - > > I want to follow-up on this discussion. It sounds like most people are in > agreement with the general approach. > > A lot of people have been working hard on Metaalerts and Elasticsearch. I > have checked-in with those doing the heavy lifting and have compiled a more > detailed plan based on where we are at now. To the best of my knowledge > here is the plan of attack for finishing out this effort. > > (1) First, METRON-1289 needs to go in. This one was a fairly big effort > and I am hearing that we are pretty close. > > (2) METRON-1294 fixes an issue in how field types are looked-up. > > (3) METRON-1290 is next. While this may have been fixed in M-1289, > there may be some test cases we want from this PR. > > (4) METRON-1301 addresses a problem with the sorting logic. > > (5) METRON-1291 fixes an issue with escalation of metaalerts. > > (6) That leads us to Raghu's UI work in METRON-1252. This introduces > the UI bits that depend on all the previous backend work. > > (7) At this point, we should have our best effort at running Metaalerts > on Elasticsearch 2.x. I propose that we cut a release here. > > (8) After we cut the release, we can introduce the work for ES 5.x in > METRON-939. I know we will need lots of help testing and reviewing this > one. > > Please correct me if I am wrong. I will try and send out updates as we > make progress. > > > > > > On Mon, Nov 6, 2017 at 1:03 PM, zeo...@gmail.com <zeo...@gmail.com> wrote: > >> I agree, I think it's very reasonable to move in line with Nick's >> proposal. I would also suggest that we outline what the target versions >> would be to add in the METRON-777 components, since it has been functional >> for a very long time but not reviewed and has some really rockstar >> improvements. >> >> Jon >> >> On Mon, Nov 6, 2017 at 12:56 PM Otto Fowler <ottobackwa...@gmail.com> >> wrote: >> >> > I think the ES cutover should be the start of the 0.5.x series, and we >> > continue on with 0.4.x for the >> > metadata improvements etc. We could chose to focus 0.5.x’s first >> releases >> > on not only ES but >> > getting a handle on kibana and the mpack situation as well. >> > >> > >> > >> > >> > On November 6, 2017 at 12:48:45, Michael Miklavcic ( >> > michael.miklav...@gmail.com) wrote: >> > >> > I agree with your proposal, Nick. I think having a stabilizing release >> > prior to upgrading ES/Kibana makes sense. >> > >> > On Mon, Nov 6, 2017 at 9:16 AM, Nick Allen <n...@nickallen.org> wrote: >> > >> > > I would like to start a discussion around upcoming releases. We have a >> > > couple separate significant tracks of work that we need to reconcile >> in >> > our >> > > release schedule. >> > > >> > > (1) We have had (and have in review) a good number of bug fixes >> required >> > to >> > > support Metaalerts on the existing Elasticsearch 2.x infrastructure. >> > > >> > > >> > > (2) We also have ongoing work to upgrade our infrastructure to >> > > Elasticsearch 5.x, which will not be backwards compatible. >> > > >> > > >> > > I would like to see a release that has our best work on ES 2.x before >> we >> > > migrate to 5.x. I would propose the following. >> > > >> > > Release N+1: Introduce Metaalerts running on ES 2.x >> > > >> > > Release N+2: Cut-over to ES 5.x >> > > >> > > >> > > (Q) Is it worth cutting a separate release for ES 2.x? Is there a >> better >> > > way to handle the cut-over to 5.x? >> > > >> > >> -- >> >> Jon >> > >
