Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

METRON-1849 Elasticsearch Index Write Functionality Should be Shared #1254

Closed
wants to merge 52 commits into from
Closed

METRON-1849 Elasticsearch Index Write Functionality Should be Shared #1254

wants to merge 52 commits into from

Conversation

nickwallen
Copy link
Contributor

@nickwallen nickwallen commented Nov 5, 2018
edited
Loading

The Elasticsearch index write functionality is currently duplicated between the ElasticsearchWriter and the ElasticsearchUpdateDao. This functionality needs to be de-duplicated and shared between the two. This will help ensure that any changes that need to be made to how alerts are written, for instance whether the client sets a document ID, are implemented and tested in the same way across Metron.

This change depends on the following PRs. Once these predecessors are addressed, review of this will be much simpler.

Changes

  • Created the BulkDocumentWriter and ElasticsearchBulkDocumentWriter that are responsible for writing messages/alerts/documents to an Elasticsearch index.

  • The ElasticsearchWriter uses a BulkDocumentWriter<TupleBasedDocument> to index messages in Elasticsearch.

  • The ElasticsearchWriter actually writes TupleBasedDocument POJOS that extend Document. This allows it to maintain the relationship between a tuple and the document created from a tuple. If a Document fails to write, we need to fail the associated tuple.

  • The scope of the ElasticsearchWriter tests were increased since this was now easier with the new abstractions.

  • The ElasticsearchUpdateDao uses a BulkDocumentWriter<Document> to update alerts for the Alerts UI.

  • The ElasticsearchRetrieveLatestDao was setting the timestamp of all Documents returned to 0. This was causing the tests that I added to fail. I added logic to extract the timestamp from the message and set the Document.timestamp if one exists.

Instead of creating the BulkDocumentWriter abstraction, I also looked at a couple alternatives.

  • Another approach I looked at was to simply have the ElasticsearchWriter use an ElasticsearchUpdateDao. Unfortunately, this quickly led to a large number of changes. The ElasticsearchUpdateDao does not track and record individual failures in a batch. It instead fails fast if any single update in a batch fails. To track individual failures, as needed by the ElasticsearchWriter, would have required changes to the signature of UpdateDao.

  • Another approach was to have the ElasticsearchUpdateDao use an ElasticsearchWriter. Unfortunately, the ElasticsearchWriter is a BulkMessageWriter and requires Storm as a dependency due to its use of TopologyContext. To clean this up would have required a large number of changes.

Testing

Spin-up the Full Dev environment. Use the Alerts UI to:

  • Search for alerts
  • Escalate alerts
  • Add comments to alerts
  • Remove comments from alerts
  • Create meta-alerts
  • Escalate meta-alerts

Pull Request Checklist

  • Is there a JIRA ticket associated with this PR? If not one needs to be created at Metron Jira.
  • Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
  • Has your PR been rebased against the latest commit within the target branch (typically master)?
  • Have you included steps to reproduce the behavior or problem that is being changed or addressed?
  • Have you included steps or a guide to how the change may be verified and tested manually?
  • Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
  • Have you written or updated unit tests and or integration tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?

cestella and others added 30 commits October 8, 2018 18:06
@cestella @mmiklavc
Casey Stella - elasticsearch rest client migration base work
a7c7dc2
@mmiklavc
Update shade plugin version
10410ea
@mmiklavc
Fix es update dao test
a33a168
@mmiklavc
Merge with master. Fix es search integration tests
52c3c96
@mmiklavc
Merge branch 'master' into es-rest-client
4742832
@mmiklavc
Get shade plugin working with the new ES client and the ClassIndexTra…
4380996 
…nsformer Shade plugin transformer.
@mmiklavc
Introduce config classes for managing ES client configuration. Transl…
af03f6f 
…ate properties for new client.
@mmiklavc
Resolve merge conflicts with master
1c8eac2
@mmiklavc
Remove extra deps in metron-elasticsearch around log4j.
1a47ded
@mmiklavc
Fixes for dep version issues.
54870d6
@nickwallen
METRON-1845 Correct Test Data Load in Elasticsearch Integration Tests
554de87
@nickwallen
Removed dead function
3b95d1e
@nickwallen
Part way through Solr changes that I am going to roll-back
7d9ee25
@nickwallen
Revert "Part way through Solr changes that I am going to roll-back"
e699386 
This reverts commit 7d9ee25.
@mmiklavc
Merge branch 'master' into es-rest-client
dd024b8
@nickwallen
Resolved integration test differences with Solr
4a7a837
@mmiklavc
Start addressing pr feedback.
ebb7ef5
@nickwallen
METRON-1849 Added integration test for UpdateDao.update() and UpdateD…
3581117 
…ao.batchUpdate()
@mmiklavc
Addressing review feedback
b7ac957
@nickwallen
METRON-1849 Progress on shared write logic
c0faab2
@nickwallen
METRON-1849 Progress on tests, still integration tests to fix-up
021810a
@nickwallen
METRON-1845 Added license header
0564970
@nickwallen
Most tests working except for a few
f1c8ce4
@mmiklavc
Refactor clientfactory. Updates to metron-common, metron-elasticsearc…
3e5c121 
…h, and kerberos/security documentation
@nickwallen
Fixed all tests
d4b02ce
@nickwallen
Merge remote-tracking branch 'mike/es-rest-client' into METRON-1849
fb5610b
@nickwallen
Fixed how client is created
c3b2836
@nickwallen
Improved docs
4539f43
@nickwallen
Small cleanup
32467b3
@nickwallen
Removed the IndexedDocument class to simplify things
55afca4
@nickwallen nickwallen mentioned this pull request Nov 16, 2018
Closed
12 tasks
justinleet
justinleet reviewed Dec 10, 2018
View reviewed changes
...-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchUpdateDao.java Show resolved Hide resolved
...sticsearch/src/main/java/org/apache/metron/elasticsearch/bulk/BulkDocumentWriterResults.java Outdated Show resolved Hide resolved
...ron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/bulk/BulkDocumentWriter.java Outdated Show resolved Hide resolved
...arch/src/main/java/org/apache/metron/elasticsearch/bulk/ElasticsearchBulkDocumentWriter.java Outdated Show resolved Hide resolved
...arch/src/main/java/org/apache/metron/elasticsearch/bulk/ElasticsearchBulkDocumentWriter.java Outdated Show resolved Hide resolved
...asticsearch/src/test/java/org/apache/metron/elasticsearch/writer/BulkDocumentWriterStub.java Outdated Show resolved Hide resolved
@justinleet
Copy link
Contributor

+1, pending Travis and @mmiklavc. Thanks a lot, it's great to see this cleaned up and refactored!

@mmiklavc
Copy link
Contributor

+1 lgtm with the latest changes, thanks for the submission @nickwallen!

@nickwallen
Copy link
Contributor Author

nickwallen commented Dec 11, 2018
edited
Loading

Thanks for the feedback @justinleet and @mmiklavc . It turned out better for it. I will merge once the latest CI build completes.

@asfgit asfgit closed this in ec3b98f Dec 11, 2018
JonZeolla pushed a commit to JonZeolla/metron that referenced this pull request Jan 24, 2019
@nickwallen @JonZeolla
METRON-1849 Elasticsearch Index Write Functionality Should be Shared …
73971f4 
…(nickwallen) closes apache#1254
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@justinleet justinleet justinleet left review comments

@mmiklavc mmiklavc mmiklavc left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nickwallen @justinleet @mmiklavc @cestella