[GitHub] incubator-metron pull request #145: METRON-212: Allow additional Elasticsear...

[dlyle65535]

GitHub user dlyle65535 opened a pull request:

    https://github.com/apache/incubator-metron/pull/145

    METRON-212: Allow additional Elasticsearch templates to be loaded to the 
index

    Tested with quick-dev-platform. 
    
    Currently this will allow the use of custom Elasticsearch templates by 
adding *.template files to the metron_streaming/files/es_templates directory. 
Deployment will pick them up and send them to the index using the basename 
without the .template extension as the template name.
    
    I'm interested if others think that I should add an optional custom-defined 
directory name to pick up additional templates. Easy to do, but I wasn't sure 
it was needed.
    
    This can be verified by running deployment and then running GET _template/* 
using your index-putter of choice (curl, sense, whatever). You should see a 
template that corresponds to each filename.
    
    e.g. for Bro:
    
    ```json
    {
       "bro_index": {
          "order": 0,
          "template": "bro_index*",
          "settings": {},
          "mappings": {
             "bro_doc": {
                "_timestamp": {
                   "enabled": true
                },
                "properties": {
                   "enrichments:geo:ip_dst_addr:location_point": {
                      "type": "geo_point"
                   },
                   "timestamp": {
                      "format": "epoch_millis",
                      "type": "date"
                   }
                }
             }
          },
          "aliases": {}
       }
    ```

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/dlyle65535/incubator-metron METRON-212

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/145.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #145
    
----
commit 8e0398d2eafea3b6e234bbfb8baf7f9521c9021a
Author: David Lyle <dlyle65...@gmail.com>
Date:   2016-06-06T23:12:24Z

    METRON-212: Allow additional Elasticsearch templates to be loaded to the 
index

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---