Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/811
> I find that extremely confusing as a user of the tool.
To explain that a bit more (and continuing with that same basic example)...
As a user I created a meta-alert where the hostname is "ip-addr.es". Since
I created a meta-alert around that specific hostname, that must be a pretty
important host name. It is probably something I am investigating right now.
Now imagine I ask my Tier III to take a look at that weird hostname. He's
going to do something like this to attempt to find that problematic hostname.
It appears that the hostname "ip-addr.es" is completely missing. It is as
if we lost data. This is the kind of work flow that I think is very confusing.
---
