Correct, sorry about the confusion.
Thank you very much for this example. Using this, I was able to get the use
case working. There actually was no template in ES available (or custom
indexing logic even), so I had to use the one you pointed me to, and add
indexing logic to point to that index
Hi David,
One quick thing just in case, is_alert, not is_alarm.
That said that should not affect what’s in the alerts ui. You should see data
from your geo source as well (whatever you called it). It is possible there may
be a problem with your elastic template. You might be interested in
All,
I am following the instructions located here for creating a parser which
detects user logins distant from their recent logins, and raising alarms:
https://github.com/apache/metron/tree/master/use-cases/geographic_login_outliers.
I have been able to successfully see the data show up in
