Details
-
Improvement
-
Status: Done
-
Major
-
Resolution: Done
-
None
-
None
Description
The `ElasticsearchWriter` has a mechanism to transform the field names of a message before it is written to Elasticsearch. Right now this mechanism is hard-coded to replace all '.' dots with ':' colons.
This mechanism was needed for Elasticsearch 2.x which did not allow dots in field names. Now that Metron supports Elasticsearch 5.x this is no longer a problem.
A user should be able to configure the field name transformation when writing to Elasticsearch, as needed.
While it might have been simpler to just remove the de-dotting mechanism, this would break backwards compatibility. Providing users with a means to configure this mechanism provides them with an upgrade path.
Attachments
Issue Links
- links to