[ https://issues.apache.org/jira/browse/METRON-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16240767#comment-16240767 ]
ASF GitHub Bot commented on METRON-1301:
----------------------------------------

Github user nickwallen commented on a diff in the pull request:

https://github.com/apache/metron/pull/832#discussion_r149181570

--- Diff: metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template --- @@ -98,7 +98,7 @@ "mapping": { "type": "float" }, - "match": "threat.triage.rules:*:score", + "match": "threat:triage:*score", --- End diff --

Prior to this change, the overall threat triage score field `threat:triage:score` was not mapped to a `float` as we had assumed.

> Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records
> ---------------------------------------------------------------------
>
> Key: METRON-1301
> URL: https://issues.apache.org/jira/browse/METRON-1301
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: Next + 1
>
> Attachments: 01-Alerts-UI-default-view.png, 02-Sort-on-Score-field.png
>
>
> Sorting on a field like threat triage score in the Alerts UI removes any
> records that do not have a threat triage score defined from the search
> results.
> For example, I have 7 records when sorted by timestamp. All 7 records have a
> timestamp field.
> After sorting by score (threat triage score) there are only 5 records. The 2
> records missing a threat triage score are no longer included.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
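Review bot: the new `match` value `threat:triage:*score` on the changed line puts the wildcard directly against `score` with no separator, so it maps to `float` any field under `threat:triage:` whose name merely ends in `score`, not only the overall `threat:triage:score` and per-rule fields ending in `:score`. If that breadth is intended, a short note in the template or the PR description saying so would help; if not, two narrower entries (one for the exact overall field, one for the per-rule pattern ending in `:score`) would keep unrelated fields out of the float mapping. The removed pattern also used `.` separators (`threat.triage.rules:*:score`) while the replacement uses `:` throughout, so it is worth confirming that no indexed documents still carry dot-separated per-rule score fields, since those would no longer be covered. This hunk touches only `bro_index.template`; any other sensor templates that carry the same `match` line would need the same change for sorting on the score field to behave consistently across indices.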