Github user anandsubbu commented on a diff in the pull request:
https://github.com/apache/metron/pull/817#discussion_r147681110
--- Diff: metron-platform/metron-elasticsearch/README.md ---
@@ -81,3 +81,13 @@ curl -XPUT
"http://${ELASTICSEARCH}:9200/${SENSOR}_index*/_mapping/${SENSOR}_doc
'
rm ${SENSOR}.template
```
+
+## Installing Elasticsearch Templates
+
+The stock set of Elasticsearch templates for bro, snort, yaf, error index
and meta index are installed automatically during the first time install and
startup of Metron Indexing service.
+
--- End diff --
Reworded per your suggestion.
I believe the README section covers the current behavior with my change. If
you are talking about the scenarios noted in the PR description, then these are
captured in the existing ES README under the section [Using Metron with
Elasticsearch
2.x](https://github.com/apache/metron/tree/master/metron-platform/metron-elasticsearch#using-metron-with-elasticsearch-2x).
Please let me know which specific scenario you are referring to and I would be
happy to include them.
---
