vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-02 00:40:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Use first_seen instead of tstamp for flow alerts lookups

Browse source
This commit is contained in:
Alfredo Cardigliano 2022-03-14 18:44:06 +01:00
parent b629c61e52
commit 873fad2966
2 changed files with 19 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
scripts/lua/modules/alert_store/alert_store.lua
View file

@ -149,6 +149,13 @@ end
-- ##############################################
--@brief Return the indexed tstamp column (for flow alerts this is first_seen)
function alert_store:_get_tstamp_column_name()
return "tstamp"
end
-- ##############################################
--@brief Add filters on time
--@param epoch_begin The start timestamp
--@param epoch_end The end timestamp
@ -161,8 +168,12 @@ function alert_store:add_time_filter(epoch_begin, epoch_end)
self._epoch_begin = tonumber(epoch_begin)
self._epoch_end = tonumber(epoch_end)
self:add_filter_condition_raw('tstamp',
string.format("tstamp >= %u AND tstamp <= %u", self._epoch_begin, self._epoch_end))
local tstamp_column = self:_get_tstamp_column_name()
self:add_filter_condition_raw(tstamp_column,
string.format("%s >= %u AND %s <= %u",
tstamp_column, self._epoch_begin,
tstamp_column, self._epoch_end))
end
return true