etsy / 411

An Alert Management Web Application
https://demo.fouroneone.io
MIT License

Multiple Indices #3

Closed gromit6891 closed 8 years ago

gromit6891 commented 8 years ago

Within config.php, is it possible to create another section to query a logstash index of a different name? I tried adding one but it doesn't come up as an option when creating a new Search.

Example:

```php
    # Configuration for the logstash index that 411 queries.
    'logstash' => [
        'hosts' => ['http://192.168.0.11:9200'],
        'index_hosts' => [],
        'index' => 'logstash-apache',
        'date_based' => true,
        'date_field' => '@timestamp',
        'src_url' => null,
    ],
    # Syslog configuration
    'syslog' => [
        'hosts' => ['http://192.168.0.11:9200'],
        'index_hosts' => [],
        'index' => 'syslog',
        'date_based' => true,
        'date_field' => '@timestamp',
        'src_url' => null,
    ],
];
```
kiwiz commented 8 years ago

Unfortunately, doing this is a bit tricky at the moment:

  1. Create the new Search class in phplib/Search/.
  2. Add the new class to the type array in phplib/Search.php.

For your particular case, you can use the following two commands:

```shell
sed 's/Logstash/Syslog/g; s/logstash/syslog/g' phplib/Search/Logstash.php > phplib/Search/Syslog.php
sed -i -E 's/(\$TYPES = \[.+?)(];)/\1, '\'Syslog_Search\''\2/' phplib/Search.php
```

Let me know if that works for you!

gromit6891 commented 8 years ago

Great thanks! Just one issue left now; when creating a search using Syslog as a source the 'Fields' & 'Description' fields are missing/not rendered. These seem to be referenced by /var/www/411/htdocs/assets/templates/searches/search/elasticsearch/b.html Is there something more that needs to be done?

kiwiz commented 8 years ago

Whoops, forgot one step. Since this is an Elasticsearch search, you have to register it as such on the frontend. Add the following line to this file: `SearchView.registerSubclass('syslog', ElasticsearchSearchView);`

Or apply this diff:

diff --git a/htdocs/assets/js/views/searches/search/load.js b/htdocs/assets/js/views/searches/search/load.js
index 50e61fb..b6db825 100644
--- a/htdocs/assets/js/views/searches/search/load.js
+++ b/htdocs/assets/js/views/searches/search/load.js
@@ -20,2 +20,3 @@ define(function(require) {
     SearchView.registerSubclass('logstash', ElasticsearchSearchView);
+    SearchView.registerSubclass('syslog', ElasticsearchSearchView);
     SearchView.registerSubclass('alert', ElasticsearchSearchView);
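Review bot: the key passed in the added `registerSubclass('syslog', ElasticsearchSearchView)` line must match the lowercase type string the backend Syslog_Search class reports (the `s/logstash/syslog/g` substitution in the earlier sed command produces exactly `syslog`); if the two strings differ, the frontend never selects the Elasticsearch view for that source and the Fields/Description inputs are not rendered. Since load.js is part of the bundled assets, the comment for this hunk should also say that the change only takes effect after the assets are rebuilt (`grunt prod`, as mentioned later in the thread).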
gromit6891 commented 8 years ago

I made the change to register the new subclass in load.js, but still not seeing the 'Fields' & 'Description' fields. Running the Test function does retrieve valid data though.

kiwiz commented 8 years ago

Run grunt prod to rebuild assets and you should be (hopefully) good to go!
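The steps spread over the replies above (a config.php section per index, a Search class in phplib/Search/ listed in `$TYPES` in phplib/Search.php, a `registerSubclass` call in load.js, then a rebuild) are easy to leave half done, and a source that is configured but not registered simply never appears as a search option, which in an alerting tool is a silent detection gap. The following script is an added example, not code from the 411 project: it reads the text of the three files and reports, per Elasticsearch source, which of the registration pieces is missing. It assumes (not stated in the thread) that a config section with a `'hosts'` key is an Elasticsearch source, that the class for source `syslog` is `Syslog_Search` in `phplib/Search/Syslog.php`, and that `$TYPES` is a flat PHP array of quoted class names; the sample file contents are constructed to mirror the snippets in this issue.

```python
"""Check that every Elasticsearch source in a 411 config is fully registered.

Added example (not part of the 411 project). Assumptions: a config section
with a 'hosts' key is an Elasticsearch source; source 'foo' maps to class
Foo_Search in phplib/Search/Foo.php and to registerSubclass('foo', ...) in
load.js; $TYPES in phplib/Search.php is a flat array of quoted class names.
"""
import re
from typing import Dict, List, Set

# Top-level config section: four-space indent, quoted name, '=> [' ... '],'.
SECTION_RE = re.compile(r"^ {4}'(\w+)' => \[\n(.*?)^ {4}\],", re.S | re.M)
# The $TYPES array that the sed command in the thread appends to.
TYPES_RE = re.compile(r"\$TYPES\s*=\s*\[([^\]]*)\]")
QUOTED_RE = re.compile(r"'([A-Za-z_]\w*)'")
# Frontend registration lines, as in the load.js diff above.
REGISTER_RE = re.compile(r"registerSubclass\(\s*'(\w+)'")


def es_sources(config_src: str) -> List[str]:
    """Names of config sections that look like Elasticsearch sources."""
    return [name for name, body in SECTION_RE.findall(config_src)
            if "'hosts'" in body]


def registered_types(search_php_src: str) -> Set[str]:
    """Class names listed in $TYPES (empty set if the array is not found)."""
    match = TYPES_RE.search(search_php_src)
    return set(QUOTED_RE.findall(match.group(1))) if match else set()


def frontend_types(load_js_src: str) -> Set[str]:
    """Type keys registered with SearchView.registerSubclass in load.js."""
    return set(REGISTER_RE.findall(load_js_src))


def check_sources(config_src: str, search_php_src: str, load_js_src: str,
                  class_files: Set[str]) -> Dict[str, List[str]]:
    """Map each incompletely registered source to the pieces it lacks."""
    types = registered_types(search_php_src)
    front = frontend_types(load_js_src)
    problems: Dict[str, List[str]] = {}
    for name in es_sources(config_src):
        cls = name.capitalize() + "_Search"   # assumed naming convention
        missing = []
        if f"{name.capitalize()}.php" not in class_files:
            missing.append(f"phplib/Search/{name.capitalize()}.php")
        if cls not in types:
            missing.append(f"{cls} in $TYPES")
        if name not in front:
            missing.append(f"registerSubclass('{name}', ...) in load.js")
        if missing:
            problems[name] = missing
    return problems


# Constructed sample inputs: 'syslog' is configured but not registered anywhere.
SAMPLE_CONFIG = """<?php
return [
    'logstash' => [
        'hosts' => ['http://192.168.0.11:9200'],
        'index' => 'logstash-apache',
    ],
    'syslog' => [
        'hosts' => ['http://192.168.0.11:9200'],
        'index' => 'syslog',
    ],
    'alert' => [
        'hosts' => ['http://192.168.0.11:9200'],
        'index' => 'alerts',
    ],
    'example_other' => [
        'enabled' => true,
    ],
];
"""
SAMPLE_SEARCH_PHP = """<?php
class Search {
    public static $TYPES = ['Logstash_Search', 'Alert_Search'];
}
"""
SAMPLE_LOAD_JS = """
    SearchView.registerSubclass('logstash', ElasticsearchSearchView);
    SearchView.registerSubclass('alert', ElasticsearchSearchView);
"""
SAMPLE_CLASS_FILES = {"Logstash.php", "Alert.php"}

if __name__ == "__main__":
    for source, missing in check_sources(SAMPLE_CONFIG, SAMPLE_SEARCH_PHP,
                                         SAMPLE_LOAD_JS, SAMPLE_CLASS_FILES).items():
        print(f"{source}: missing " + "; ".join(missing))
```

Against the constructed sample it reports only `syslog`, with all three pieces missing; after the sed commands, the load.js line and `grunt prod` from this thread, the same check on the real files should print nothing, which is a quick way to confirm nothing was skipped before relying on the new search in alerts.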

gromit6891 commented 8 years ago

That did the trick! Again, great project, so many features.