metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ali Nazemian <alinazem...@gmail.com>
Subject Re: Metron Alert UI and zero-down time Elasticsearch re-index
Date Mon, 15 Jan 2018 01:22:18 GMT
It would be great if we can have some help on this issue.

Cheers,
Ali

On Sat, Jan 6, 2018 at 12:33 PM, Ali Nazemian <alinazemian@gmail.com> wrote:

> Hi James,
>
> Due to changes in the field format, I want to create a new index with the
> new format. Create an alias to refer to both new and old index. Then, copy
> all the documents from the old index to the new index and use the alias to
> search through Metron Alert UI and Kibana to avoid any downtime. Handling
> it in Kibana is easy. However, Metron Alert UI shows duplicate documents. I
> want to limit Metron Alert UI somehow to read alias instead of both
> underneath indices (old index and new index).
>
> P.S: all of your messages in the mailing list end up in my spam for some
> reason!
>
> Cheers,
> Ali
>
> On Thu, Jan 4, 2018 at 5:48 PM, James Sirota <jsirota@apache.org> wrote:
>
>> Hi Ali, I am not sure I understand what you are trying to do.  Are you
>> trying to change the name on the old index, add it to the alias, and then
>> re-index and give the new index the name of the old index?
>>
>> 01.01.2018, 22:30, "Ali Nazemian" <alinazemian@gmail.com>:
>> > Hi All,
>> >
>> > We are using an older version of Metron Alert-UI (Received in Oct 2017)
>> > which sends search queries to ES directly without using Metron Rest
>> API. We
>> > wanted to run a zero-downtime ES reindex process by using ES aliasing.
>> > However, I am not sure how it will impact the search part of Alert-UI
>> > because we need to change it to refer to the alias instead of the old
>> index
>> > name. Please advise how it can be covered in the older version of Metron
>> > Alert-UI.
>> >
>> > Regards,
>> > Ali
>>
>> -------------------
>> Thank you,
>>
>> James Sirota
>> PMC- Apache Metron
>> jsirota AT apache DOT org
>>
>
>
>
> --
> A.Nazemian
>



-- 
A.Nazemian

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message