Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/metron/pull/780#discussion_r142214035
  
    --- Diff: metron-platform/metron-indexing/README.md ---
    @@ -163,6 +163,36 @@ Both of these functions are handled under the hood.
     In addition, an API endpoint is added for the meta alert specific features 
of creation and going from meta alert to alert.
     The denormalization handles the case of going from meta alert to alert 
automatically.
     
    +With Elasticsearch 2.x, there is an additional requirement that all 
sensors templates have a nested alert field defined.  This field is a dummy 
field, and will be obsolete in Elasticsearch 5.x.  See [Ignoring Unmapped 
Fields](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html#_ignoring_unmapped_fields)
 for more information
    +
    +Definition of the expected field:
    +```
    +  "alert": {
    +    "type": "nested"
    +  }
    +```
    +
    +Without this field, an error will be thrown during ALL searches (including 
from UIs, resulting in no alerts being found for any sensor):
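
Review bot: The added paragraph ties the dummy `alert` field to Elasticsearch 2.x but links to the `current` reference page, which follows later releases and may stop describing the behaviour meant here; a version-specific link would keep the explanation accurate. In the same paragraph, "sensors templates" should read "sensor templates", and "for more information" is missing its closing period. The opening fence before the `"alert"` definition has no language tag, and the fragment does not say where in a sensor template the field belongs, so a sentence naming the enclosing section would help readers place it. In the last added sentence the parenthesis opened at "(including from UIs" only closes after "any sensor", which buries the consequence inside the aside; close it after "UIs".
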
    --- End diff --
    
    Where exactly would I see this error message?  In the UI itself or is it 
only logged by the REST API?
    
    Maybe this error message with a link to your explanation could go in a 
separate **FAQ** section (in whatever README you decide to land this in.)

