Posted to issues@metron.apache.org by "Ward Bekker (JIRA)" <ji...@apache.org> on 2018/04/06 07:28:00 UTC

[jira] [Updated] (METRON-1513) Since ES 5+ dots in fields names are supported, no dedot needed

     [ https://issues.apache.org/jira/browse/METRON-1513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ward Bekker updated METRON-1513:
--------------------------------
    Priority: Minor  (was: Major)

> Since ES 5+ dots in fields names are supported, no dedot needed
> ---------------------------------------------------------------
>
>                 Key: METRON-1513
>                 URL: https://issues.apache.org/jira/browse/METRON-1513
>             Project: Metron
>          Issue Type: Improvement
>    Affects Versions: 0.4.3
>            Reporter: Ward Bekker
>            Priority: Minor
>
> In Elasticsearch 5.0, dots are permitted in field names and each step in the path is interpreted as an object field, except for the last step.
> See [https://www.elastic.co/guide/en/elasticsearch/reference/2.4/dots-in-names.html#dots-in-names]
> Currently fields are de-dotted when writing out to ES. This is no longer needed. 
> ES templates need to be updated to make sure the matches are correct:
> e.g. "match": "threat:triage:*score",



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
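
The behaviour described in the issue, as an added Python illustration (not Metron or Elasticsearch code): dotted names expanded into object paths, and the colon pattern from the issue checked against de-dotted and dotted names. The colon separator is assumed from that pattern; the function names and the sample document are constructed for this example.

```python
from fnmatch import fnmatchcase

# Constructed sample document, flat field names with dots.
SAMPLE = {
    "ip_src_addr": "10.0.0.1",
    "threat.triage.score": 10.0,
    "threat.triage.rules.0.score": 10.0,
}

def dedot(doc, sep=":"):
    """De-dotting as a writer would apply it; ':' is assumed from the issue's pattern."""
    return {name.replace(".", sep): value for name, value in doc.items()}

def expand_dots(doc):
    """Interpret every step of a dotted name except the last as an object field.

    Raises ValueError when one name would have to be both a leaf value and an
    object, the conflict to look for before de-dotting is switched off.
    """
    root = {}
    for name, value in doc.items():
        *parents, leaf = name.split(".")
        node = root
        for depth, step in enumerate(parents, start=1):
            child = node.setdefault(step, {})
            if not isinstance(child, dict):
                path = ".".join(parents[:depth])
                raise ValueError(f"{path!r} is both a value and an object")
            node = child
        if isinstance(node.get(leaf), dict):
            raise ValueError(f"{name!r} is both a value and an object")
        node[leaf] = value
    return root

def matching_fields(pattern, doc):
    """Flat field names selected by a wildcard pattern.

    Simplification: a plain glob over the names, not Elasticsearch's own
    template matching.
    """
    return sorted(name for name in doc if fnmatchcase(name, pattern))

if __name__ == "__main__":
    print(expand_dots(SAMPLE))
    print(matching_fields("threat:triage:*score", dedot(SAMPLE)))
    print(matching_fields("threat:triage:*score", SAMPLE))
```

The colon pattern selects both score fields while names are de-dotted and none once the dots are kept, which is why the templates have to change together with the writer.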