Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/780#discussion_r143064409
--- Diff: README.md ---
@@ -118,3 +118,9 @@ Some useful utilities that cross all of these parts of
the architecture:
* [Model as a Service](metron-analytics/metron-maas-service) : A Yarn
application which can deploy machine learning and statistical models onto the
cluster along with the associated Stellar functions to be able to call out to
them in a scalable manner.
* [Data management](metron-platform/metron-data-management) : A set of
data management utilities aimed at getting data into HBase in a format which
will allow data flowing through metron to be enriched with the results.
Contains integrations with threat intelligence feeds exposed via TAXII as well
as simple flat file structures.
* [Profiler](metron-analytics/metron-profiler) : A feature extraction
mechanism that can generate a profile describing the behavior of an entity. An
entity might be a server, user, subnet or application. Once a profile has been
generated defining what normal behavior looks-like, models can be built that
identify anomalous behavior.
+
+# Notes on Adding a New Sensor
+In order to allow for meta alerts to be queries alongside regular alerts
in Elasticsearch 2.x,
+it is necessary to add an additional field to the templates and mapping
for existing sensors.
+
+Please see a description of the steps necessary to make this change in the
metron-elasticsearch
[README](./metron-platform/metron-elasticsearch#using-metron-with-elasticsearch-2x)
--- End diff --
You are correct, and I didn't catch it because it still goes to the correct
readme, but without going to the section.
---
