Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/metron/pull/780#discussion_r143062420
--- Diff: README.md ---
@@ -118,3 +118,9 @@ Some useful utilities that cross all of these parts of
the architecture:
* [Model as a Service](metron-analytics/metron-maas-service) : A Yarn
application which can deploy machine learning and statistical models onto the
cluster along with the associated Stellar functions to be able to call out to
them in a scalable manner.
* [Data management](metron-platform/metron-data-management) : A set of
data management utilities aimed at getting data into HBase in a format which
will allow data flowing through metron to be enriched with the results.
Contains integrations with threat intelligence feeds exposed via TAXII as well
as simple flat file structures.
* [Profiler](metron-analytics/metron-profiler) : A feature extraction
mechanism that can generate a profile describing the behavior of an entity. An
entity might be a server, user, subnet or application. Once a profile has been
generated defining what normal behavior looks-like, models can be built that
identify anomalous behavior.
+
+# Notes on Adding a New Sensor
+In order to allow for meta alerts to be queries alongside regular alerts
in Elasticsearch 2.x,
+it is necessary to add an additional field to the templates and mapping
for existing sensors.
+
+Please see a description of the steps necessary to make this change in the
metron-elasticsearch
[README](./metron-platform/metron-elasticsearch#using-metron-with-elasticsearch-2x)
--- End diff --
I am pretty sure that to make this work correctly when we generate the site
book, you have to name the link "Using Metron with Elasticsearch 2.x" or
something close to that. If you've already vetted the site book, then ignore
me.
---
