My sincerest apologies for the very late response to this. We haven’t changed any of the default settings.
We did define the elasticsearch index ourselves based on the data we are consuming with the sensor. It does occur on other sensors as well. It seems to replicate the original record. Further, when the action is changed from new to open, then another duplicate is create but with the updated alert_status (in this example with the open alert_status). I am not sure if this is expected behavior? Apologies once again for my late response and thank you for your time and assistance. On Fri, 13 Mar 2020 at 23:15, Nick Allen <[email protected]> wrote: > Have you changed any default settings? Have you changed the Elasticsearch > index templates at all? Does the duplication occur for only one sensor > type or for all sensor types? > > On Wed, Mar 11, 2020 at 7:20 AM Euan Hope <[email protected]> wrote: > >> Hello Metron community. >> >> My users have encountered a duplication of records in the alerts ui when >> the user places a comment for that specific record. >> >> I’m not sure why this is happening. >> >> Could anyone advise and provide some guidance? >> >> Thanking you in advance for your assistance >> >> Regards >> >
