Github user nickwallen commented on the issue:

https://github.com/apache/metron/pull/811

I am seeing another issue that may or may not be related. It seems that when I am using the "group by" functionality, I cannot see meta-alerts at all.

(1) If I am not using the "group by", I can see the meta-alert perfectly fine.

(2) Now I want to group by host. I click the "host" group by widget, but there are no results. I am left thinking... Where did the meta-alert go? The only way I can see the meta-alert is to not use the "group by" functionality.

(3) And the UI screenshots match what is returned by the underlying API. In the case of the missing meta-alert, this is the request/response.

Request:
```
{
  "indices": [
    "websphere",
    "snort",
    "asa",
    "bro",
    "yaf",
    "metaalert"
  ],
  "scoreField": "threat:triage:score",
  "groups": [
    {
      "field": "host",
      "order": {
        "sortOrder": "desc",
        "groupOrderType": "term"
      }
    }
  ],
  "query": "(host:ip\\-addr.es OR alert.host:ip\\-addr.es)"
}
```

Response:
```
{"groupedBy":"host","groupResults":[]}
```
---