You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@metron.apache.org by Frank Horsfall <Fr...@cunet.carleton.ca> on 2017/09/19 16:17:57 UTC

Question regarding telemetry

Hello all.

While reviewing the tutorial on enhancing the Metron Dashboard I came across an interesting entry to create the index template for Squid.  Is the reference  to bro_doc correct?

https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard


curl -XPOST $<http://ec2-52-40-44-64.us-west-2.compute.amazonaws.com/>SEARCH_HOST:$SEARCH_PORT/_template/squid_index -d '
 {
 "template": "squid_index*",
 "mappings": {
 "bro_doc": {
 "_timestamp": {
 "enabled": true
 },
 "properties": {
 "timestamp": {
 "type": "date",
 "format": "epoch_millis"
 },


kindest
Frank

Re: Question regarding telemetry

Posted by Otto Fowler <ot...@gmail.com>.

Fixed, thanks!


On September 19, 2017 at 12:18:02, Frank Horsfall (
frankhorsfall@cunet.carleton.ca) wrote:

Hello all.



While reviewing the tutorial on enhancing the Metron Dashboard I came
across an interesting entry to create the index template for Squid.  Is the
reference  to bro_doc correct?



https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard



curl -XPOST $ <http://ec2-52-40-44-64.us-west-2.compute.amazonaws.com/>SEARCH_HOST:$SEARCH_PORT/_template/squid_index
-d '
 {
 "template": "squid_index*",
 "mappings": {
 "bro_doc": {
 "_timestamp": {
 "enabled": true
 },
 "properties": {
 "timestamp": {
 "type": "date",
 "format": "epoch_millis"
 },





kindest

Frank