diff --git a/config_example.php b/config_example.php index 6b6bc62..ab7f2cd 100644 --- a/config_example.php +++ b/config_example.php @@ -100,6 +100,8 @@ * All other strings are interpretted via PHP's date formatting syntax. * 'src_url': A server name for generating source links. * Ex: 'https://localhost:5601' + * + * 'src_index_pattern_id': index pattern id to use in source links */ # Configuration for the 411 Alerts index. @@ -129,6 +131,7 @@ 'date_field' => '@timestamp', 'date_type' => null, 'src_url' => null, + 'src_index_pattern_id' => null ], ]; diff --git a/phplib/Search/Elasticsearch.php b/phplib/Search/Elasticsearch.php index d1e82ba..91449bb 100644 --- a/phplib/Search/Elasticsearch.php +++ b/phplib/Search/Elasticsearch.php @@ -37,8 +37,15 @@ protected function _getLink(Alert $alert) { public function generateAlertLink($index, $type, $id) { $cfg = $this->getConfig(); - $index_pattern = $cfg['date_based'] ? \ESQuery\Util::generateKibanaPattern($cfg['index']):$cfg['index']; - return sprintf('%s/app/kibana#/doc/%s/%s/%s?%s', $cfg['src_url'], $index_pattern, $index, $type, http_build_query(['id' => $id])); + + if($cfg['src_index_pattern_id']) { + $index_id = $cfg['src_index_pattern_id']; + + } else { + $index_id = $cfg['date_based'] ? \ESQuery\Util::generateKibanaPattern($cfg['index']) : $cfg['index']; + } + + return sprintf('%s/app/kibana#/doc/%s/%s/%s?%s', $cfg['src_url'], $index_id, $index, $type, http_build_query(['id' => $id])); } public function generateLink($query, $start, $end) { @@ -47,10 +54,16 @@ public function generateLink($query, $start, $end) { return null; } - $index_pattern = $cfg['date_based'] ? \ESQuery\Util::generateKibanaPattern($cfg['index']):$cfg['index']; + if($cfg['src_index_pattern_id']) { + $index_id = $cfg['src_index_pattern_id']; + + } else { + $index_id = $cfg['date_based'] ? \ESQuery\Util::generateKibanaPattern($cfg['index']) : $cfg['index']; + } + $parser = new \ESQuery\Parser; try { - return $parser->generateUrl($query, $start, $end, $cfg['src_url'], $index_pattern); + return $parser->generateUrl($query, $start, $end, $cfg['src_url'], $index_id); } catch(\ESQuery\Exception $e) { return null; }