vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-02 00:40:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix alert exclusion with clickhouse view (#6556)

Browse source
This commit is contained in:
Alfredo Cardigliano 2022-04-29 16:33:54 +02:00
parent 515af750b6
commit 8a8805167a
1 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

21
scripts/lua/modules/alert_store/flow_alert_store.lua
View file

@ -77,7 +77,26 @@ function alert_store:delete()
local q
if ntop.isClickHouseEnabled() then
if self._write_table_name then
q = string.format("ALTER TABLE `%s` DELETE WHERE FLOW_ID = '%s' ", self._write_table_name, self._where.rowid.any[1].value)
local where_clause = ''
-- Used by 'Remove'
if self._where.rowid then
where_clause = string.format("%s %s FLOW_ID = '%s' ", where_clause, ternary(isEmptyString(where_clause), '', 'AND'), self._where.rowid.any[1].value)
end
-- Used by 'Exclude Checks'
if self._where.alert_id then
where_clause = string.format("%s %s STATUS = %u ", where_clause, ternary(isEmptyString(where_clause), '', 'AND'), self._where.alert_id.any[1].value)
end
if self._where.ip then
if isIPv4(self._where.ip.any[1].value) then
where_clause = string.format("%s %s (IPV4_SRC_ADDR = IPv4StringToNum('%s') OR IPV4_DST_ADDR = IPv4StringToNum('%s')) ", where_clause, ternary(isEmptyString(where_clause), '', 'AND'), self._where.ip.any[1].value, self._where.ip.any[1].value)
else
where_clause = string.format("%s %s (IPV6_SRC_ADDR = IPv6StringToNum('%s') OR IPV6_DST_ADDR = IPv6StringToNum('%s')) ", where_clause, ternary(isEmptyString(where_clause), '', 'AND'), self._where.ip.any[1].value, self._where.ip.any[1].value)
end
end
q = string.format("ALTER TABLE `%s` DELETE WHERE %s ", self._write_table_name, where_clause)
else
q = string.format("ALTER TABLE `%s` DELETE WHERE %s ", self._table_name, where_clause)
end