Posted to issues@metron.apache.org by "Jon Zeolla (JIRA)" <ji...@apache.org> on 2017/05/01 16:18:04 UTC

[jira] [Updated] (METRON-908) Improve ES indexing for bro logs

     [ https://issues.apache.org/jira/browse/METRON-908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Zeolla updated METRON-908:
------------------------------
    Description: 
Right now ES indexing is rather simple.  Because we know the schema of the bro logs, we should investigate and implement more useful indexing and tokenization methods.

An initial offhand idea is to consider the path hierarchy tokenizer https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pathhierarchy-tokenizer.html#analysis-pathhierarchy-tokenizer


  was:Right now ES indexing is rather simple.  Because we know the schema of the bro logs, we should investigate and implement more useful indexing and tokenization methods.


> Improve ES indexing for bro logs
> --------------------------------
>
>                 Key: METRON-908
>                 URL: https://issues.apache.org/jira/browse/METRON-908
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Jon Zeolla
>            Assignee: Jon Zeolla
>
> Right now ES indexing is rather simple.  Because we know the schema of the bro logs, we should investigate and implement more useful indexing and tokenization methods.
> An initial offhand idea is to consider the path hierarchy tokenizer https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pathhierarchy-tokenizer.html#analysis-pathhierarchy-tokenizer


