[ https://issues.apache.org/jira/browse/METRON-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16197042#comment-16197042 ]
ASF GitHub Bot commented on METRON-1226: ---------------------------------------- Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/793#discussion_r143481097 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/utils/ElasticsearchUtils.java --- 
@@ -45,15 +49,30 @@ public static SimpleDateFormat getIndexFormat(Map<String, Object> globalConfig) return DATE_FORMAT_CACHE.get().computeIfAbsent(format, SimpleDateFormat::new); } + /** + * Builds the name of an Elasticsearch index. + * @param sensorType The sensor type; bro, yaf, snort, ... + * @param indexPostfix The index postfix; most often a formatted date. + * @param configurations User-defined configuration for the writers. + */ public static String getIndexName(String sensorType, String indexPostfix, WriterConfiguration configurations) { String indexName = sensorType; if (configurations != null) { indexName = configurations.getIndex(sensorType); } - indexName = indexName + "_index_" + indexPostfix; + indexName = indexName + getIndexDelimiter() + "_" + indexPostfix; return indexName; } + /** + * Returns the delimiter that is appended to the user-defined index name to separate + * the index's date postfix. For example, if the user-defined index name is 'bro' + * and the delimiter is '_index_', then one likely index name is 'bro_index_2017.10.03.19'. + */ + public static String getIndexDelimiter() { --- End diff -- Honestly, I have no idea. I went down a dangerous rabbit hole making tons of changes, then backed myself out to just what is in this PR. It might have been for changes that I backed out. Making it a `static final String` certainly would be more expected. I'll fix it. > Searching Can Errantly Query the Wrong Indices > ---------------------------------------------- > > Key: METRON-1226 > URL: https://issues.apache.org/jira/browse/METRON-1226 > Project: Metron > Issue Type: Bug > Reporter: Nick Allen > Assignee: Nick Allen > > The ElasticsearchDAO can errantly query the wrong indices under certain > conditions. This can occur when there are at least two different sensors > that have been configured with a similar name prefix. 
> For example, if you have configured both a "snort" and "snort_v2"
> sensor, the query generated by the ElasticsearchDAO will hit both of those
> indices, when in fact only one or the other is desired.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
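
Review bot: In getIndexName, the new line `indexName = indexName + getIndexDelimiter() + "_" + indexPostfix;` appends a literal "_" after the delimiter, but the Javadoc on getIndexDelimiter() gives '_index_' as the delimiter and 'bro_index_2017.10.03.19' as the resulting name; with that delimiter value the concatenation would yield 'bro_index__2017.10.03.19'. The body of getIndexDelimiter() is not visible in this hunk, so either the Javadoc example or the extra "_" needs to change. Suggest holding the complete separator in one `static final String` constant (as the reply already proposes) and dropping the literal, so that every caller that builds or matches an index name uses the same value; that consistency matters for METRON-1226, where sensors named "snort" and "snort_v2" must resolve to distinct indices. The new Javadoc on getIndexName also has no @return tag.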