Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/metron/pull/780#discussion_r143063049
--- Diff: Upgrading.md ---
@@ -2,6 +2,48 @@
This document constitutes a per-version listing of changes of
configuration which are non-backwards compatible.
+## 0.4.1 to 0.4.2
+
+### [METRON-1158: Build backend for grouping alerts into meta
alerts](https://issues.apache.org/jira/browse/METRON-1158)
+In order to allow for meta alerts to be queries alongside regular alerts
in Elasticsearch 2.x,
+it is necessary to add an additional field to the templates and mapping
for existing sensors.
+
+Two steps must be done for each sensor, but not on each index for each
sensor.
+
+First is to update the Elasticsearch template for each sensor, so any new
indices have the field:
+
+```
+export SENSOR="bro"
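Review bot: In the first added paragraph under the METRON-1158 heading, "meta alerts to be queries alongside regular alerts" should read "to be queried". The text also says the two steps must be done for each sensor, while the snippet sets only SENSOR="bro"; a sentence stating that the commands are repeated with SENSOR set to each sensor name in turn would make that explicit for anyone following the upgrade.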
--- End diff --
Tiny issue, but I think we're missing an export.
```
export ELASTICSEARCH="node1"
```
---