Uploaded image for project: 'Metron (Retired)'
  1. Metron (Retired)
  2. METRON-1742 Improve CEF log management throughout
  3. METRON-1746

CEF lacks an ES template

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: To Do
    • Blocker
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      An ES template should exist here<https://github.com/apache/metron/tree/9fdccba371c1f1e0dcb79e00a7207a934b79b64c/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files>

      If you only pass in CEF data, the alerts UI will not be able to display anything, and ES will return a 500 saying "Fielddata is disabled on text fields by default."

      Attachments

        Activity

          People

            Unassigned Unassigned
            jonzeolla Jon Zeolla
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: