use of org.apache.metron.elasticsearch.dao.ElasticsearchMetaAlertDao.METAALERTS_INDEX in project metron by apache.
the class ElasticsearchMetaAlertUpdateDao method update.
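/**
 * Applies an update to a regular alert and rewrites that alert inside every meta alert
 * that {@code getMetaAlertsForAlert} returns for the alert's GUID.
 *
 * <p>The alert's own update and the rewritten meta alerts are collected into one map and
 * handed to {@code elasticsearchDao.batchUpdate} in a single call. Meta alerts are
 * always written to {@code METAALERTS_INDEX}; the caller-supplied {@code index} is used
 * only for the alert itself.
 *
 * @param update the alert update to apply; its sensor type must not be the meta alert type
 * @param index the index passed through with the alert's own update
 * @return the {@code update} argument that was passed in
 * @throws UnsupportedOperationException if {@code update} targets a meta alert
 * @throws IOException declared by the overridden method; presumably raised by the lookup
 *     or the batch update (not visible in this excerpt)
 */
@Override
public Document update(Document update, Optional<String> index) throws IOException {
    if (MetaAlertConstants.METAALERT_TYPE.equals(update.getSensorType())) {
        // A meta alert was passed in; direct writes to meta alerts are refused here.
        throw new UnsupportedOperationException("Meta alerts cannot be directly updated");
    }

    Map<Document, Optional<String>> updates = new HashMap<>();
    updates.put(update, index);
    try {
        // Only the alert's own update can be delegated as-is. Any meta alert that embeds
        // this alert must be rewritten too, otherwise it would keep the old alert content.
        SearchResponse response = getMetaAlertsForAlert(update.getGuid());
        Collection<Document> metaAlerts = response.getResults().stream()
            .map(result -> toDocument(result, update.getTimestamp()))
            .collect(Collectors.toList());
        for (Document metaAlert : metaAlerts) {
            replaceAlertInMetaAlert(metaAlert, update);
            updates.put(metaAlert, Optional.of(METAALERTS_INDEX));
        }
    } catch (IndexNotFoundException e) {
        // Tolerated only when the single missing index is the meta alerts index; the
        // alert's own update then still runs. Presumably this covers the case where no
        // meta alert has been created yet - confirm against the index setup.
        List<String> indicesNotFound = e.getMetadata(INDEX_NOT_FOUND_INDICES_KEY);
        // The metadata entry may be absent; treat that as "unknown index" and rethrow the
        // original exception instead of failing with a NullPointerException that hides it.
        boolean onlyMetaAlertsIndexMissing = indicesNotFound != null
            && indicesNotFound.size() == 1
            && METAALERTS_INDEX.equals(indicesNotFound.get(0));
        if (!onlyMetaAlertsIndexMissing) {
            throw e;
        }
    }

    // Submit the alert update together with any rewritten meta alerts.
    elasticsearchDao.batchUpdate(updates);
    return update;
}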
Aggregations