Feature #239
postgres specific handling of min and max times in groupings
0%
Description
here is a patch to handle min and max alert time in groupings differently on postgresql than other databases. this patch will not effect mysql or sqllite users.
the methodology used in the patch for postgresql should also be tested under sqllite I suspect it will have the same effect but im not sure.
History
#1 Updated by Yoann VANDOORSELAERE almost 17 years ago
Replying to prmarino1@gmail.com:
here is a patch to handle min and max alert time in groupings differently on postgresql than other databases. this patch will not effect mysql or sqllite users.
the methodology used in the patch for postgresql should also be tested under sqllite I suspect it will have the same effect but im not sure.
Hello Paul, and thanks for your patch!
We are currently on our way to fixing several issues with the databases schema. Therefore I am going to wait until this is finished before making any change in the way we perform query to the database system, since improving the schema will impact the query themselves.
Concerning your patch, rather than solving the MIN/MAX problem in Prewikka, which involve using different path for different database, it would be interesting to have a look at fixing ticket #52, which would finally permit to fix the issue in a database independent way.
Making the query different depending on the database in Prewikka itself defeat the abstraction purpose of libpreludedb, and make the code more error prone and difficult to debug. So I would be willing to investigate this, but only as a last resort if we have no solution to the main problem.
Regards,
#2 Updated by Yoann VANDOORSELAERE over 16 years ago
- Status changed from New to Closed
- Resolution set to fixed
Mark as closed: Prewikka 0.9.13 contain a database independent fix for this issue.
#3 Updated by Yoann VANDOORSELAERE about 15 years ago
- Project changed from PRELUDE SIEM to Prewikka
- Category deleted (
5)