GitHub user justinleet commented on the issue:

https://github.com/apache/metron/pull/619

As a note, this ticket is slightly impacted by the metaalerts backend ticket (https://github.com/apache/metron/pull/734). The alerts field in the various templates should be removed and the search queries for meta alerts updated according to https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html#_ignoring_unmapped_fields, in order to allow for searches against metaalerts without having to have an alert field in each template.
---