[FEATURE] Alias Mapping Management Service #250
Labels
enhancement
New feature or request
Comments
riysaxen-amzn
pushed a commit
to riysaxen-amzn/security-analytics
that referenced
this issue
Feb 20, 2024
…search-project#250 (opensearch-project#267) Signed-off-by: Jovan Cvetkovic <[email protected]> Signed-off-by: Jovan Cvetkovic <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem?
When index pattern, alias or datastream is used as input indexName for Detector, with latest changes to Mapper APIs(#154 and #169) we support proper creation/execution of Detector. What we miss currently is re-applying alias mappings when user adds new index to index pattern, alias or datastream(for example, as a result of Rollover API). This will prevent some or all rules to be inserted in queryIndex.
What solution would you like?
Create Alias Mapping Management Service which would listen for creation of new indices (ClusterChangedEvent) and re-apply alias mappings if newly created index belongs to any of Detector Inputs' index pattern/alias/datastream. Alias Mappings would be first retrieved (via GetIndexMappings API) from existing WriteIndex or newest index by creation date, in case of index pattern and then applied to newly created index
What alternatives have you considered?
Using index templates. Issue with this is that only 1 index template is applied based on priority. We would have to update existing user's datastream index template or any other existing template for that index pattern.
The text was updated successfully, but these errors were encountered: