Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support hourly index patterns #1328

Merged
merged 5 commits into from
Dec 3, 2023
Merged

Conversation

jmacdone
Copy link
Contributor

@jmacdone jmacdone commented Dec 2, 2023

Description

Collect otherwise missing data for top_count_keys for those indexing hourly with a %H pattern, eg. logstash-%Y.%m.%d.%H
Previously format_index() assumed daily was the most granular indexing.

See also #1326

Checklist

  • I have reviewed the contributing guidelines.
  • I have included unit tests for my changes or additions.
  • I have successfully run make test-docker with my changes.
  • I have manually tested all relevant modes of the change in this PR.
  • I have updated the documentation.
  • I have updated the changelog.

Questions or Comments

test-docker

py311: OK (575.05=setup[483.55]+cmd[89.54,1.97] seconds)
docs: OK (481.68=setup[466.33]+cmd[15.35] seconds)
congratulations :) (1056.81 seconds)

jmacdone pushed a commit to jmacdone/elastalert2 that referenced this pull request Dec 2, 2023
Copy link
Owner

@jertel jertel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the test coverage and cleaning up the logic in the original function. I included a suggested logic change in my feedback.

elastalert/util.py Outdated Show resolved Hide resolved
elastalert/util.py Outdated Show resolved Hide resolved
elastalert/util.py Outdated Show resolved Hide resolved
@jmacdone jmacdone force-pushed the bugfix/hourly-index branch from a78ad35 to 5e5a462 Compare December 3, 2023 00:44
James Macdonell and others added 4 commits December 2, 2023 16:47
Otherwise there is missing data from top_count_keys for those indexing with logstash-%Y.%m.%d.%H
add_extra intended to include an extra index, not an extra day of
indexes

Co-authored-by: Jason Ertel <jertel@users.noreply.github.com>
@jmacdone jmacdone force-pushed the bugfix/hourly-index branch from 5e5a462 to 312bd35 Compare December 3, 2023 00:48
@jmacdone
Copy link
Contributor Author

jmacdone commented Dec 3, 2023

  • committed @jertel 's suggested changes with fix-ups
  • updated the unit test to reflect intended meaning of the add_extra param
  • rebased from master

@jertel jertel merged commit adf1570 into jertel:master Dec 3, 2023
1 check passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants