[jira] [Commented] (METRON-1746) CEF lacks an ES template

2018-08-23 Thread Otto Fowler (JIRA)


[ https://issues.apache.org/jira/browse/METRON-1746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16590479#comment-16590479 ]

Otto Fowler commented on METRON-1746:
-------------------------------------

I think that is a good point [~simonellistonball], but would still be more 
valuable to the user than nothing.

> CEF lacks an ES template
>
> Key: METRON-1746
> URL: https://issues.apache.org/jira/browse/METRON-1746
> Project: Metron
> Issue Type: Sub-task
> Reporter: Jon Zeolla
> Priority: Blocker
>
> An ES template should exist here
> If you only pass in CEF data, the alerts UI will not be able to display
> anything, and ES will return a 500 saying "Fielddata is disabled on text
> fields by default."



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (METRON-1746) CEF lacks an ES template

2018-08-23 Thread Simon Elliston Ball (JIRA)


[ https://issues.apache.org/jira/browse/METRON-1746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16590449#comment-16590449 ]

Simon Elliston Ball commented on METRON-1746:
---------------------------------------------

One thing to think about here is that it really can't have a fixed template. In 
the CEF parser we unroll CEF's custom field label mechanism into field names, 
so we do not know the names of all the fields the parser will emit without 
parsing the data. As such, you could generate a template, but not write and 
commit one, unless you just want to create a default one for the CEF core 
fields, and have anything else just be dynamic.

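The point made in the comment above, as an added example that is not Metron's code and not part of the thread: CEF custom labels (`cs1Label`/`cs1`) are unrolled into field names that are only known after parsing, so a template is generated from observed events, with fixed core fields and a dynamic rule mapping any other string to `keyword`. The sample event, the header field names, the `cef_index*` pattern and the typeless template layout are assumptions made for illustration.

```python
import json
import re

# Constructed sample event; cs1/cs1Label and cn1/cn1Label are CEF custom fields.
SAMPLE = ("CEF:0|Acme|Firewall|1.0|100|Blocked connection|5|"
          "src=10.0.0.1 dst=10.0.0.2 cs1Label=Policy Name cs1=deny all "
          "cn1Label=Bytes Out cn1=4096")

# Header field names are assumed for illustration, not taken from Metron's parser.
HEADER = ["Version", "DeviceVendor", "DeviceProduct", "DeviceVersion",
          "DeviceEventClassID", "Name", "Severity"]

def parse_cef(line):
    """Parse one CEF line and unroll custom labels into field names."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)  # split on unescaped pipes
    record = dict(zip(HEADER, parts[:7]))
    record["Version"] = record["Version"].split(":", 1)[1]
    # Extension is key=value pairs; a value runs until the next " key=".
    ext = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7]))
    for key in [k for k in ext if k.endswith("Label")]:
        base = key[:-len("Label")]
        if base in ext:  # rename e.g. cs1 -> "Policy Name"
            ext[ext.pop(key)] = ext.pop(base)
    record.update(ext)
    return record

def build_template(records, pattern="cef_index*"):  # pattern is hypothetical
    """Generate a template: fixed core fields plus whatever was observed."""
    props = {name: {"type": "keyword"} for name in HEADER}
    for rec in records:
        for field in rec:
            props.setdefault(field, {"type": "keyword"})
    return {
        "index_patterns": [pattern],
        "mappings": {
            # Unseen string fields also become keyword, so sorting and
            # aggregating on them does not need fielddata on text fields.
            "dynamic_templates": [{"strings_as_keyword": {
                "match_mapping_type": "string",
                "mapping": {"type": "keyword"}}}],
            "properties": props,
        },
    }

if __name__ == "__main__":
    print(json.dumps(build_template([parse_cef(SAMPLE)]), indent=2))
```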