Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r153289006
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/snort_index.template
---
@@ -102,13 +94,25 @@
"match_mapping_type": "*"
}
},
- {
- "threat_triage_reason": {
- "mapping": {
- "type": "string"
- },
- "match": "threat:triage:rules:*:reason",
- "match_mapping_type": "*"
+ {
+ "threat_triage_reason": {
+ "mapping": {
+ "type": "text",
+ "fielddata": "true"
+ },
+ "match": "threat.triage.rules:*:reason",
+ "match_mapping_type": "*"
+ }
+ },
+ {
+ "threat_triage_name": {
+ "mapping": {
+ "type": "text",
+ "fielddata": "true"
+ },
+ "match": "threat.triage.rules:*:name",
+ "match_mapping_type": "*"
+ }
}
},
--- End diff --
This brace is extraneous, I'm guessing a merge broke it. Drop it, but keep
the comma and we should be good. I'd just get the formatting lined back up
while you're in there.
---
