
Revert "Use wildcard in indices for searching"

This reverts commit 3e93e5e.
pwnbus committed May 29, 2019
1 parent 5907acc commit d4e7a946886498f654fbe915fee679875a766976
@@ -106,10 +106,7 @@ def __init__(self):
self._configureKombu()
self._configureES()

# We want to select all event indices
# and filter out the window based on timestamp
# from the search query
self.event_indices = ["events-*"]
self.event_indices = ['events', 'events-previous']

def classname(self):
return self.__class__.__name__
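Review bot: The pair `['events', 'events-previous']` is hard-coded here and again in the `execute` default and the `onMessage` call in the later hunks, and the comment explaining the index choice is removed with nothing in its place. One shared constant, for example `DEFAULT_EVENT_INDICES = ('events', 'events-previous')`, with a comment saying what the two names cover, would keep the three sites from drifting apart. If these names are aliases for only the current and previous index, an alert whose time window reaches further back would silently search less data than it asks for; that limit belongs next to the constant. `__init__` starts outside the hunk.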
@@ -26,7 +26,7 @@ def getESAlerts(es):
# We use an ExistsMatch here just to satisfy the
# requirements of a search query must have some "Matchers"
search_query.add_must(ExistsMatch('summary'))
results = search_query.execute(es, indices=['alerts-*'], size=10000)
results = search_query.execute(es, indices=['alerts'], size=10000)
return results
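Review bot: `getESAlerts` asks for at most `size=10000` hits from the single `alerts` index and returns whatever comes back, so a caller cannot tell a complete result from a truncated one. Presumably `alerts` is an alias; a comment such as `# 'alerts' is an alias; older alert indices are not searched` would make that assumption explicit, and a logged warning when the number of hits reaches the cap would make a gap visible. The start of the function is outside the hunk.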


@@ -46,7 +46,7 @@ def add_should(self, input_obj):
def add_aggregation(self, input_obj):
self.append_to_array(self.aggregation, input_obj)

def execute(self, elasticsearch_client, indices=['events-*'], size=1000, request_timeout=30):
def execute(self, elasticsearch_client, indices=['events', 'events-previous'], size=1000, request_timeout=30):
if self.must == [] and self.must_not == [] and self.should == [] and self.aggregation == []:
raise AttributeError('Must define a must, must_not, should query, or aggregation')
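Review bot: The new default `indices=['events', 'events-previous']` is a list literal in the signature, so one list object is shared by every call that omits the argument; any code that appends to or rewrites `indices` would change the default for all later searches. Prefer `indices=None` in the signature and `if indices is None: indices = ['events', 'events-previous']` at the top of the body. The rest of `execute` lies outside the hunk, so whether the list is mutated there cannot be seen from here.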

@@ -80,10 +80,7 @@ def onMessage(self, request, response):
search_query.add_aggregation(Aggregation('details.success'))
search_query.add_aggregation(Aggregation('details.username'))

# We want to select all event indices
# and filter out the window based on timestamp
# from the search query
results = search_query.execute(es_client, indices=['events-*'])
results = search_query.execute(es_client, indices=['events','events-previous'])

# any usernames or words to ignore
# especially useful if ES is analyzing the username field and breaking apart user@somewhere.com
