Elasticsearch alarms integration improvements

Description

A number of minor improvements identified by a beta user to the Alarm Change Notifier and Elastic Search Interface to make it more usable when generating reports. These include:

  • additional node asset fields in ES events - region, site, rack, location lat and lon

  • node category included in Alarm Change Notifier events

  • initial severity not on all alarms (alarm created event)

  • severity as integer type instead of text in ES index

  • alarm duration in final alarm

  • alarm duration to first acknowledge alarm

branch for enhancements jira/NMS-9159 (based on foundation-2017)

https://github.com/OpenNMS/opennms/tree/jira/NMS-9159

pull request https://github.com/OpenNMS/opennms/pull/1364

Acceptance / Success Criteria

None

Activity

Craig Gallen April 10, 2017 at 7:03 AM

see see for fix to reverted changes

Seth Leger March 29, 2017 at 4:49 PM

PR merged, marking as fixed. The only improvement that had to be reverted was the conversion of p_severity, p_initialseverity and p_oldseverity to long datatype since the parm names may overlap other parms that cannot be converted to long integers.

Seth Leger March 28, 2017 at 3:29 PM

This error is being caused because the ES forwarder code assumes that any parm named "severity" must be of type "long" (integer). However, syslog events use parm "severity" to indicate the syslog severity in string format.

I think we'll have to roll back forcing p_severity (and other parm values) to be an integer in the ES schema because of conflicts like this. If the alarm change notifier code needs to coerce parm values to long/date/whatever, it needs to use globally unique parm names to make sure that conflicts like this don't occur, something like alarmChangeSeverity instead of just severity.
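The conflict described in the comment above, as an added example (not OpenNMS or Elasticsearch code, and not part of the original thread). The sample events, the helper names, and the field name p_alarmChangeSeverity (the suggested parm name with the p_ prefix seen in the log) are assumptions made for the illustration.

```python
"""Constructed sketch of the p_severity type conflict and the unique-name fix."""

# Constructed sample events: an alarm-change event with a numeric severity parm
# and a syslog event that uses the same parm name for a text severity.
ALARM_EVENT = {"uei": "alarm-change (constructed)", "parms": {"severity": "6"}}
SYSLOG_EVENT = {"uei": "syslog (constructed)", "parms": {"severity": "Info"}}


def index_event(event, long_fields, rename=None):
    """Build the p_<parm> document and enforce 'long' on the mapped fields.

    Returns (document, error). error is set when a field mapped as long cannot
    be parsed as an integer, the case Elasticsearch rejects with status 400.
    """
    rename = rename or {}
    doc = {}
    for name, value in event["parms"].items():
        field = "p_" + rename.get(name, name)
        if field in long_fields:
            try:
                value = int(value)
            except ValueError:
                return None, f'failed to parse [{field}]: For input string: "{value}"'
        doc[field] = value
    return doc, None


def run(events, long_fields, renames):
    """Index every event; renames maps an event's position to its parm renames."""
    return [index_event(e, long_fields, renames.get(i)) for i, e in enumerate(events)]


def shared_name():
    # Both sources emit parm "severity" and the index maps p_severity as long:
    # the alarm event indexes, the syslog event is rejected and lost.
    return run([ALARM_EVENT, SYSLOG_EVENT], {"p_severity"}, {})


def unique_name():
    # Only the alarm change notifier renames its parm (hypothetical rename
    # table), so the long mapping no longer touches the syslog string value.
    return run([ALARM_EVENT, SYSLOG_EVENT], {"p_alarmChangeSeverity"},
               {0: {"severity": "alarmChangeSeverity"}})


if __name__ == "__main__":
    print(shared_name())
    print(unique_name())
```
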

Seth Leger March 28, 2017 at 11:19 AM

The build for this branch is currently failing because of a data type mismatch for p_severity:

2017-03-25 14:33:05,151 ERROR opennms-es-rest.main-module:19.0.0.SNAPSHOT(199) [EventToIndex-Thread-16] org.opennms.plugins.elasticsearch.rest.EventToIndex: Error while performing PUT on Elasticsearch index: opennms-events-raw-2017.03, type: eventdata received result: {"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"failed to parse [p_severity]"}],"type":"mapper_parsing_exception","reason":"failed to parse [p_severity]","caused_by":{"type":"number_format_exception","reason":"For input string: \"Info\""}},"status":400} response code: 400 error message: {"root_cause":[{"type":"mapper_parsing_exception","reason":"failed to parse [p_severity]"}],"type":"mapper_parsing_exception","reason":"failed to parse [p_severity]","caused_by":{"type":"number_format_exception","reason":"For input string: \"Info\""}}

David Hustace March 6, 2017 at 1:44 PM

Would be interesting to figure out how we could implement the functionality without having to put logic in the DB.

Fixed

Created February 28, 2017 at 8:12 AM
Updated April 10, 2017 at 7:03 AM
Resolved March 29, 2017 at 4:49 PM