Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/710
> A new facet pane is added to GUI that groups data based on the following
'hard coded' fields ('source:type', 'ip_src_addr', 'ip_dst_addr', 'host',
'enrichments:geo:ip_dst_addr:country')
I am assuming that we will "un-hard code" the list of fields included in
the facet panel in a future PR. But even as a first pass, I don't think 'host'
should be included. This is not a common field. It is only present in a
subset of Bro records. Most records do not have this field.
---
