Agreed on adding a GUID.

On Fri, Feb 24, 2017 at 8:54 AM, David Lyle <dlyle65...@gmail.com> wrote:

> Yeah, +1 to that. We'll definitely need a GUID (well, event ID, so GUEID).
> Probably calculated pre-parse.
>
> -D...
>
> On Fri, Feb 24, 2017 at 9:48 AM, Casey Stella <ceste...@gmail.com> wrote:
>
> > Regarding alert ID, it seems like this is the kind of thing which should be
> > uniform for all the different types of indices: solr and HDFS. You might
> > (and probably do) want to be able to join between IDs in HDFS and ES or
> > Solr, for instance, so it probably shouldn't be tied to the ES ID. We
> > might want to make a Metron ID that is baked into the parsers and is a
> > SHA-2 hash of the data.
> >
> > On Fri, Feb 24, 2017 at 9:29 AM, Ryan Merriman <merrim...@gmail.com> wrote:
> >
> > > Related to the 'What does "Escalate" do' question, one topic that needs
> > > some discussion is how we integrate with 3rd party ticketing systems. How
> > > should we design this extension point? Some basic requirements could be
> > > that a call is made to somewhere with the alert as the payload and some
> > > kind of ticket or issue id is received as a response. This is a very
> > > open-ended question and there are likely several different ways we go do
> > > it.
> > >
> > > As for Casey's other points:
> > >
> > > - The most obvious choice for alert id would be the id in elasticsearch.
> > > Are there other ids we should consider?
> > > - Configurable display fields makes a lot of sense to me and should not be
> > > complex to implement.
> > > - Agreed on offering intuitive ways to filter messages by fields.
> > >
> > > Ryan
> > >
> > > On Thu, Feb 23, 2017 at 6:42 PM, Casey Stella <ceste...@gmail.com> wrote:
> > >
> > > > - What does "Escalate" do exactly?
> > > > - Where does the Alert ID come from?
> > > > - Are the fields displayed configurable?
> > > > - It'd be nice to be able to select a set of fields for a message and
> > > > have the list of messages filter to just those where those fields are the
> > > > same as the one viewed.
> > > >
> > > > On Thu, Feb 23, 2017 at 3:24 PM, Houshang Livian <hliv...@hortonworks.com> wrote:
> > > >
> > > > > Hello Metron Community,
> > > > >
> > > > > We have mocked up an Alerts UI for Metron for your consideration. Please
> > > > > take a look and share your thoughts.
> > > > >
> > > > > Here is a link to our thoughts on this:
> > > > > http://imgur.com/a/KMTKN
> > > > >
> > > > > Does this look like a reasonable place to start?
> > > > > Is there anything that is an absolute MUST have or MUST NOT have?
> > > > >
> > > > > Houshang Livian
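
An added illustration of the ID question in this thread, not code from Metron or from any of the posters: an event ID is assigned before parsing and used to join a search index to a raw archive, once with a SHA-256 content hash and once with a random GUID. The store layouts, the `event_id` field name and the sample syslog lines are constructed assumptions.

```python
import hashlib
import uuid

# Constructed sample telemetry; the second and third messages are byte-identical.
RAW_MESSAGES = [
    b"<134>Feb 24 09:48:01 fw01 DROP src=10.0.0.5 dst=10.0.0.9 dpt=445",
    b"<134>Feb 24 09:48:02 fw01 DROP src=10.0.0.7 dst=10.0.0.9 dpt=22",
    b"<134>Feb 24 09:48:02 fw01 DROP src=10.0.0.7 dst=10.0.0.9 dpt=22",
]

def hash_id(raw: bytes) -> str:
    """Content-derived ID: SHA-256 (a SHA-2 function) over the unparsed bytes."""
    return hashlib.sha256(raw).hexdigest()

def random_id(raw: bytes) -> str:
    """Random GUID; independent of the message content."""
    return str(uuid.uuid4())

def ingest(raw_messages, make_id):
    """Assign the ID pre-parse, then write to two stand-in stores (hypothetical).
    The search index keeps its own document IDs; event_id is just a field."""
    search_index, archive = {}, {}
    for n, raw in enumerate(raw_messages):
        event_id = make_id(raw)  # computed before any parsing happens
        fields = dict(p.split("=", 1) for p in raw.decode().split() if "=" in p)
        search_index[f"doc-{n}"] = {"event_id": event_id, **fields}
        archive.setdefault(event_id, []).append(raw)
    return search_index, archive

def join(search_index, archive):
    """Resolve each indexed document to its archived raw bytes via event_id."""
    return {d: archive[doc["event_id"]] for d, doc in search_index.items()}

def ambiguous(search_index, archive):
    """Document IDs whose event_id matches more than one archived message."""
    return sorted(d for d, raws in join(search_index, archive).items()
                  if len(raws) > 1)

if __name__ == "__main__":
    for name, make_id in (("sha256", hash_id), ("guid", random_id)):
        idx, arc = ingest(RAW_MESSAGES, make_id)
        print(name, "distinct IDs:", len(arc), "ambiguous:", ambiguous(idx, arc))
```

The hash can be recomputed from the archived bytes alone, but byte-identical events share one ID; the GUID is unique per event but has to be carried with the record into every store.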