Github user mmiklavc commented on the issue:
https://github.com/apache/metron/pull/834
@nickwallen and @cestella you both make some good points here. The upshot
is that this part of our architecture is inextricably tied to ES and in reality
we should have another abstraction here. It appears to me that we cannot add
new templates via the current Ambari mechanism without modifying a
release/MPack. It's fine for managed sensors (bro, yaf, snort, other potential
future default sensors), but if a user wants to add new templates, you'd have
to manage them outside of Ambari. It's clear to me now that the back and forth
on the right way to manage the error handling is because we have a code smell
that needs some additional work.
---
