Details
- Bug
- Status: Done
- Major
- Resolution: Done
- None
- None
Description
Currently there is an option for replacing '.'s with ':'s in Elasticsearch field names, and this is the default behavior. However, our current version of Elasticsearch (5.6.2) now allows '.'s, so users can choose to use '.'s instead. In the DAO implementation (metaalerts specifically), the threat.triage.field is hardcoded with ':'s and will not work properly if a user switches to using '.'s.
Issue Links
- is depended upon by
  - METRON-1622 Allow user to define global property 'threat.triage.score.field' in Ambari (Done)
- is duplicated by
  - METRON-1600 Solr should be using threat.triage.score everywhere instead of threat:triage:score (back end) (Done)
- links to