metron-dev mailing list archives

From Ali Nazemian <>
Subject Re: Metron Alert UI and zero-down time Elasticsearch re-index
Date Sat, 06 Jan 2018 01:33:00 GMT
Hi James,

Due to changes in the field format, I want to create a new index with the
new format, create an alias that refers to both the new and the old index,
then copy all the documents from the old index to the new index and use the
alias to search through Metron Alert UI and Kibana to avoid any downtime.
Handling it in Kibana is easy. However, Metron Alert UI shows duplicate
documents. I want to limit Metron Alert UI somehow to read the alias instead
of both underlying indices (old index and new index).

P.S: all of your messages in the mailing list end up in my spam for some


On Thu, Jan 4, 2018 at 5:48 PM, James Sirota <> wrote:

> Hi Ali, I am not sure I understand what you are trying to do.  Are you
> trying to change the name on the old index, add it to the alias, and then
> re-index and give the new index the name of the old index?
> 01.01.2018, 22:30, "Ali Nazemian" <>:
> > Hi All,
> >
> > We are using an older version of Metron Alert-UI (Received in Oct 2017)
> > which sends search queries to ES directly without using Metron Rest API.
> > We wanted to run a zero-downtime ES reindex process by using ES aliasing.
> > However, I am not sure how it will impact the search part of Alert-UI
> > because we need to change it to refer to the alias instead of the old
> > index name. Please advise how it can be covered in the older version of
> > Metron Alert-UI.
> >
> > Regards,
> > Ali
> -------------------
> Thank you,
> James Sirota
> PMC- Apache Metron
> jsirota AT apache DOT org
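
The duplicate results described in this thread, as an added illustration that is not from either poster and is not Metron or Alert UI code: an in-memory model of an alias that spans the old and new index during the copy, a client-side de-duplication by `_id`, and the request body for the atomic alias swap through the Elasticsearch `_aliases` endpoint. The index names, alias name and documents are constructed.

```python
# Added illustration; index names, alias name and documents are constructed.
OLD, NEW, ALIAS = "alerts_v1", "alerts_v2", "alerts"


def search_alias(indices, alias_members):
    """Model a search through an alias: one hit per (index, _id) pair."""
    return [{"_index": name, "_id": doc_id, "_source": src}
            for name in alias_members
            for doc_id, src in indices[name].items()]


def dedupe_hits(hits, prefer):
    """Collapse hits sharing an _id, keeping the copy from the preferred index."""
    best = {}
    for hit in hits:
        cur = best.get(hit["_id"])
        if cur is None or (hit["_index"] == prefer and cur["_index"] != prefer):
            best[hit["_id"]] = hit
    return sorted(best.values(), key=lambda h: h["_id"])


def swap_actions(alias, old, new):
    """Body for POST /_aliases; both actions are applied in one atomic step."""
    return {"actions": [{"remove": {"index": old, "alias": alias}},
                        {"add": {"index": new, "alias": alias}}]}


def demo():
    indices = {
        OLD: {"a1": {"ip_src_addr": "10.0.0.1"}, "a2": {"ip_src_addr": "10.0.0.2"}},
        NEW: {"a1": {"ip_src_addr": "10.0.0.1"}},  # a1 already copied, a2 not yet
    }
    # While the alias covers both indices, a copied document is returned twice.
    during_copy = search_alias(indices, [OLD, NEW])
    deduped = dedupe_hits(during_copy, prefer=NEW)
    # Copy finishes, then the alias is switched to the new index only.
    indices[NEW]["a2"] = indices[OLD]["a2"]
    after_swap = search_alias(indices, [NEW])
    return during_copy, deduped, after_swap


if __name__ == "__main__":
    during_copy, deduped, after_swap = demo()
    print(len(during_copy), len(deduped), len(after_swap))
    print(swap_actions(ALIAS, OLD, NEW))
```
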

