Github user justinleet commented on a diff in the pull request: https://github.com/apache/metron/pull/845#discussion_r152075990 --- Diff: metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java --- @@ -614,8 +625,15 @@ protected void calculateMetaScores(Document metaAlert) { } metaScores = new MetaScores(scores); } + + // add a summary (max, min, avg, count, sum) of all the threat scores from the child alerts metaAlert.getDocument().putAll(metaScores.getMetaScores()); - metaAlert.getDocument().put(threatTriageField, metaScores.getMetaScores().get(threatSort)); + + // the overall threat score for the metaalert; either max, min, avg, count or sum of all child scores --- End diff -- The calculations were done as Double and given to ES. However, there's no definition of the field in ES (It just used automatic mapping), so it was given the ES double.
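Review bot: the new comment above the overall threat score (the last `+` line shown) says the value is one of max, min, avg, count or sum, but nothing visible in this hunk checks that `threatSort` names one of those keys. The removed line's `metaScores.getMetaScores().get(threatSort)` returns null for any other key, so `threatTriageField` would be written as null; the replacement line is cut off in this excerpt, so confirm it guards that lookup or that `threatSort` is validated where it is configured. It would also help to state in the comment the numeric type that is written, since the discussion notes the field has no explicit Elasticsearch definition and relies on automatic mapping.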
---