Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/metron/pull/1047#discussion_r196130055
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-env.xml
---
@@ -137,4 +137,10 @@
<value>yyyy.MM.dd.HH</value>
<display-name>Elasticsearch Date Format</display-name>
</property>
+ <property>
+ <name>source_type_field</name>
+ <display-name>Source Type Field</display-name>
+ <description>Name of the message field that contains the source
type.</description>
+ <value>source.type</value>
--- End diff --
Ah, I was a little confused by this. I set it to `source.type` based on
the value defined in
[`Constants`](https://github.com/apache/metron/blob/32d132b3f8ac7d915180882934d38504263d86ae/metron-platform/metron-common/src/main/java/org/apache/metron/common/Constants.java#L29).
The Enrichment and Indexing topologies use `MessageUtils.getSensorType(msg)`
to get the source type of a message. Right now this will always look for a
field called `source.type`.
But after digging a little more, it seems that this setting is currently
only intended to define where the UI looks for the source type in the search
indices, not to where Enrichment or Indexing look. That explains my confusion.
I will update this to use `source:type` as you guys have mentioned and also
update the description to clarify that this field is only intended for the UI.
---
