[
https://issues.apache.org/jira/browse/METRON-902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15989061#comment-15989061
]
ASF GitHub Bot commented on METRON-902:
---------------------------------------
Github user ottobackwards commented on the issue:
https://github.com/apache/incubator-metron/pull/555
We should look at extending the indexing integration tests.... maybe.
another idea for me is if the ES templates get bundled with the parsers, we
can have new parser integration tests for that
> ES improperly indexes Bro logs
> ------------------------------
>
> Key: METRON-902
> URL: https://issues.apache.org/jira/browse/METRON-902
> Project: Metron
> Issue Type: Bug
> Reporter: Jon Zeolla
> Assignee: Jon Zeolla
>
> It appears that an old issue has been reintroduced into the ES template for
> indexing bro DNS logs. It is possible that other issues have been
> reintroduced as well, as I have not yet reviewed the template holistically.
> Initial fix:
> https://github.com/apache/incubator-metron/blob/4bfb09c49fbc6204ce8b826887d99beff414f84a/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/bro_index.template#L165-L167
> Reintroduction:
> https://github.com/apache/incubator-metron/blob/125dbef1e59ff808a62e4f5a7d265aafbcf6bf08/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/0.2.0BETA/package/files/bro_index.template#L165-L167
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
