[ 
https://issues.apache.org/jira/browse/METRON-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16197005#comment-16197005
 ] 

ASF GitHub Bot commented on METRON-1226:
----------------------------------------

Github user cestella commented on a diff in the pull request:

    https://github.com/apache/metron/pull/793#discussion_r143473906
  
    --- Diff: 
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/utils/ElasticsearchUtils.java
 ---
    @@ -45,15 +49,30 @@ public static SimpleDateFormat 
getIndexFormat(Map<String, Object> globalConfig)
         return DATE_FORMAT_CACHE.get().computeIfAbsent(format, 
SimpleDateFormat::new);
       }
     
    +  /**
    +   * Builds the name of an Elasticsearch index.
    +   * @param sensorType The sensor type; bro, yaf, snort, ...
    +   * @param indexPostfix The index postfix; most often a formatted date.
    +   * @param configurations User-defined configuration for the writers.
    +   */
       public static String getIndexName(String sensorType, String 
indexPostfix, WriterConfiguration configurations) {
         String indexName = sensorType;
         if (configurations != null) {
           indexName = configurations.getIndex(sensorType);
         }
    -    indexName = indexName + "_index_" + indexPostfix;
    +    indexName = indexName + getIndexDelimiter() + "_" + indexPostfix;
         return indexName;
       }
     
    +  /**
    +   * Returns the delimiter that is appended to the user-defined index name 
to separate
    +   * the index's date postfix.  For example, if the user-defined index 
name is 'bro'
    +   * and the delimiter is '_index_', then one likely index name is 
'bro_index_2017.10.03.19'.
    +   */
    +  public static String getIndexDelimiter() {
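Review bot: In `getIndexName`, the new concatenation `indexName + getIndexDelimiter() + "_" + indexPostfix` disagrees with the Javadoc example on `getIndexDelimiter()`: with the delimiter '_index_' given there, the extra literal "_" yields 'bro_index__2017.10.03.19' rather than 'bro_index_2017.10.03.19'. Either drop the literal "_" or change the Javadoc example to the value the method actually returns, so that code building search patterns from this delimiter matches the index names written here. The new `getIndexName` Javadoc also lacks an `@return` tag.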
    --- End diff --
    
    I'm more curious than opposed to this, but is there a strong reason why 
this isn't just a `public static final String`?


> Searching Can Errantly Query the Wrong Indices
> ----------------------------------------------
>
>                 Key: METRON-1226
>                 URL: https://issues.apache.org/jira/browse/METRON-1226
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>            Assignee: Nick Allen
>
> The ElasticsearchDAO can errantly query the wrong indices under certain 
> conditions.  This can occur when there are at least two different sensors 
> that have been configured with a similar name prefix.
> For example, if you have configured both a "snort" and "snort_v2" 
> sensor, the query generated by the ElasticsearchDAO will hit both of those 
> indices, when in fact only one or the other is desired.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
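The collision described in the issue, as an added example that is not part of the original message or of Metron's code. It assumes the search selects indices with a `*` wildcard placed after the sensor name, models wildcard expansion with a hypothetical `resolve` helper over constructed index names, and goes one step beyond the issue by checking a sensor name that itself contains the delimiter.

```python
import re

DELIMITER = "_index_"  # delimiter value used in the Javadoc example on this page

# Constructed sample: sensor name -> date postfixes of its existing indices.
SENSORS = {
    "snort": ["2017.10.03.19", "2017.10.03.20"],
    "snort_v2": ["2017.10.03.19"],
    "bro": ["2017.10.03.19"],
}

def index_name(sensor, postfix):
    return sensor + DELIMITER + postfix

def all_indices(sensors):
    """Map every index name to the sensor that owns it."""
    return {index_name(s, p): s for s, posts in sensors.items() for p in posts}

def resolve(pattern, indices):
    """Expand a '*' wildcard index expression against existing index names."""
    regex = re.compile(".*".join(re.escape(part) for part in pattern.split("*")))
    return sorted(name for name in indices if regex.fullmatch(name))

def prefix_pattern(sensor):
    # Assumed pre-fix behaviour: wildcard straight after the sensor name.
    return sensor + "*"

def delimited_pattern(sensor):
    # Wildcard only after the delimiter, so it covers just the date postfix.
    return sensor + DELIMITER + "*"

def foreign_hits(pattern, sensor, indices):
    """Indices the pattern selects that belong to a different sensor."""
    return [name for name in resolve(pattern, indices) if indices[name] != sensor]

def colliding_sensors(sensors):
    """(queried sensor, sensor whose index leaked in) under the delimited pattern."""
    indices = all_indices(sensors)
    return sorted({(s, indices[n]) for s in sensors
                   for n in foreign_hits(delimited_pattern(s), s, indices)})

if __name__ == "__main__":
    idx = all_indices(SENSORS)
    print(foreign_hits(prefix_pattern("snort"), "snort", idx))     # snort_v2 leaks in
    print(foreign_hits(delimited_pattern("snort"), "snort", idx))  # nothing leaks
    # A sensor name containing the delimiter still collides with "snort".
    print(colliding_sensors({**SENSORS, "snort_index_v2": ["2017.10.03.19"]}))
```

Running `colliding_sensors` over the configured sensor names is a cheap validation step to reject names that would reintroduce the overlap.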
