  1. OpenNMS
  2. NMS-11473

Use composite aggregation instead of convo_key field from flow documents

    Details

    • Type: Story
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: 25.0.0
    • Component/s: None
    • Security Level: Default (Default Security Scheme)
    • Labels:

      Description

      The 'convo_key' field is currently used for grouping flow documents together that form a single "conversation". We should remove this field, and compute it dynamically using a [composite aggregation|https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-composite-aggregation.html] instead.

      Example of field value:

        netflow.convo_key     ["WAGON",17,"1.1.1.1","10.145.145.114","domain"]

            People

            • Assignee:
              mbrooks Matthew Brooks
              Reporter:
              j-white Jesse White