Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/780#discussion_r143064505
--- Diff: Upgrading.md ---
@@ -2,6 +2,48 @@
This document constitutes a per-version listing of changes of
configuration which are non-backwards compatible.
+## 0.4.1 to 0.4.2
+
+### [METRON-1158: Build backend for grouping alerts into meta
alerts](https://issues.apache.org/jira/browse/METRON-1158)
+In order to allow for meta alerts to be queries alongside regular alerts
in Elasticsearch 2.x,
+it is necessary to add an additional field to the templates and mapping
for existing sensors.
+
+Two steps must be done for each sensor, but not on each index for each
sensor.
+
+First is to update the Elasticsearch template for each sensor, so any new
indices have the field:
+
+```
+export SENSOR="bro"
--- End diff --
Screwed it up when I move stuff around. Moved a few statements up, along
with the export that was later.
---
