You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The everything view is an optional sort of hello world view where we show all the detections with little or no prioritization. The original query was this:
MATCH (n:ENTITY)-[r]->(m) where n.view = 1 and m.view = 1 return n,r,m
Somewhere around 6k alerts and 100 entities this stops working. It returns in neo4j but not in the web ui.
For now I changed it to to this which works ok;
MATCH (h:ENTITY)-[r]->() WHERE NOT type(r) IN ['AS_SOURCE', 'AS_DEST'] WITH h MATCH p=(h)-[r]->() RETURN p
Questions
While this works, it is not making use of the views, and so may not be optimal.
For some reason the source / dest relations are still there and I'm not sure if we need them or can prune them..we are precomputing entities prior to ingest now because this is hard in neo and simpler in Python
The text was updated successfully, but these errors were encountered:
The everything view is an optional sort of hello world view where we show all the detections with little or no prioritization. The original query was this:
MATCH (n:ENTITY)-[r]->(m) where n.view = 1 and m.view = 1 return n,r,mSomewhere around 6k alerts and 100 entities this stops working. It returns in neo4j but not in the web ui.
For now I changed it to to this which works ok;
MATCH (h:ENTITY)-[r]->() WHERE NOT type(r) IN ['AS_SOURCE', 'AS_DEST'] WITH h MATCH p=(h)-[r]->() RETURN pQuestions
The text was updated successfully, but these errors were encountered: