
Merge pull request #1232 from mozilla/use_index_wildcards

Use wildcard in indices for searching
pwnbus committed May 6, 2019
2 parents 73fe7c9 + 3e93e5e commit 8a0df3ae60255ffde6db53778e1e3664d9a53f8f
@@ -106,7 +106,10 @@ def __init__(self):

self.event_indices = ['events', 'events-previous']
# We want to select all event indices
# and filter out the window based on timestamp
# from the search query
self.event_indices = ['events-*']

def classname(self):
return self.__class__.__name__
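Review bot: The new `self.event_indices = ['events-*']` changes failure behaviour, not just scope: with explicit names a missing `events` or `events-previous` index made the search fail loudly, whereas a wildcard that matches nothing expands to an empty index list and the search silently returns zero hits (Elasticsearch's default `allow_no_indices`), so for an alerting component a misnamed or rotated-away index now means alerts quietly stop instead of erroring. The bare `events` name from the removed line is also not matched by `events-*`; if that index or alias still holds data it is no longer searched, which is worth confirming against the cluster's naming. The comment promises a timestamp filter "from the search query", but nothing in this hunk enforces it, so I would sharpen it to a contract: `# NOTE: wildcard matches every index named events-*; the caller's search query MUST carry a timestamp range or all history is scanned`. `__init__` starts before the hunk, so any earlier assignment of this attribute is not visible here.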
@@ -26,7 +26,7 @@ def getESAlerts(es):
# We use an ExistsMatch here just to satisfy the
# requirements of a search query must have some "Matchers"
results = search_query.execute(es, indices=['alerts'], size=10000)
results = search_query.execute(es, indices=['alerts-*'], size=10000)
return results

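Review bot: `search_query.execute(es, indices=['alerts-*'], size=10000)` now searches every alerts index instead of one, so the matching set grows with retention while the hard cap of 10000 (also Elasticsearch's default `index.max_result_window`) stays fixed; once more than 10000 alerts match, the rest are dropped with no signal, and the comment above says the query is only an `ExistsMatch`, i.e. effectively match-all. For a function that feeds alert state that is silent data loss rather than a visible error. I would bound the query with a time range (or page with scroll/`search_after`) and at minimum document the cap: `# NOTE: hard cap of 10000 hits; with alerts-* this silently truncates older alerts once the cap is exceeded`. `getESAlerts` starts before the hunk, so the query construction is not visible here.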
@@ -46,7 +46,7 @@ def add_should(self, input_obj):
def add_aggregation(self, input_obj):
self.append_to_array(self.aggregation, input_obj)

def execute(self, elasticsearch_client, indices=['events', 'events-previous'], size=1000, request_timeout=30):
def execute(self, elasticsearch_client, indices=['events-*'], size=1000, request_timeout=30):
if self.must == [] and self.must_not == [] and self.should == [] and self.aggregation == []:
raise AttributeError('Must define a must, must_not, should query, or aggregation')

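Review bot: The new signature `def execute(self, elasticsearch_client, indices=['events-*'], size=1000, request_timeout=30):` keeps a list literal as a default argument, which is a single object shared across calls; since this method is the one sink every caller's index list passes through, any caller that appends to `indices` would mutate the default for every later search. An immutable `indices=('events-*',)` is backward compatible for callers passing their own list, assuming the body (which continues past the hunk) only iterates or joins the value. A short docstring stating that wildcard patterns are accepted and that callers are expected to bound the query by timestamp would also help, since `execute` itself adds no such bound.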
@@ -80,7 +80,10 @@ def onMessage(self, request, response):

results = search_query.execute(es_client, indices=['events','events-previous'])
# We want to select all event indices
# and filter out the window based on timestamp
# from the search query
results = search_query.execute(es_client, indices=['events-*'])

# any usernames or words to ignore
# especially useful if ES is analyzing the username field and breaking apart

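Review bot: `'events-*'` is hard-coded here, in `execute`'s default and in the `__init__` touched by this same commit, each with the same three-line comment copied alongside; one module-level constant (or a configured value) would stop the three from drifting the next time index naming changes. This call also relies on `execute`'s default `size=1000`, so against the wider `events-*` scope a plugin searching a busy window can silently hit the cap unless its query is tight; I would pass an explicit `size` with a comment, or at least note it: `# NOTE: default size=1000; narrow the timestamp window or raise size if this plugin needs more hits`. `onMessage` starts before the hunk, so the query this call depends on is not visible here.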