[
https://issues.apache.org/jira/browse/METRON-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16240767#comment-16240767
]
ASF GitHub Bot commented on METRON-1301:
----------------------------------------
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/metron/pull/832#discussion_r149181570
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
---
@@ -98,7 +98,7 @@
"mapping": {
"type": "float"
},
- "match": "threat.triage.rules:*:score",
+ "match": "threat:triage:*score",
--- End diff --
Prior to this change, the overall threat triage score field
`threat:triage:score` was not mapped to a `float` as we had assumed.
> Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records
> ---------------------------------------------------------------------
>
> Key: METRON-1301
> URL: https://issues.apache.org/jira/browse/METRON-1301
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: Next + 1
>
> Attachments: 01-Alerts-UI-default-view.png, 02-Sort-on-Score-field.png
>
>
> Sorting on a field like threat triage score in the Alerts UI removes any
> records that do not have a threat triage score defined from the search
> results.
> For example, I have 7 records when sorted by timestamp. All 7 records have a
> timestamp field.
> After sorting by score (threat triage score) there are only 5 records. The 2
> records missing a threat triage score are no longer included.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
