[ https://issues.apache.org/jira/browse/METRON-908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jon Zeolla reassigned METRON-908:
---------------------------------

    Assignee:     (was: Jon Zeolla)

> Improve ES indexing for bro logs
> --------------------------------
>
>                 Key: METRON-908
>                 URL: https://issues.apache.org/jira/browse/METRON-908
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Jon Zeolla
>
> Right now ES indexing is rather simple. Because we know the schema of the
> bro logs, we should investigate and implement more useful indexing and
> tokenization methods.
> An initial offhand idea is to consider the path hierarchy tokenizer
> https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pathhierarchy-tokenizer.html#analysis-pathhierarchy-tokenizer
> We should also create a custom tokenizer for comma separated values, which
> are how bro logs write sets into a field.
> http://stackoverflow.com/questions/31143136/indexing-a-comma-separated-value-field-in-elastic-search

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
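
An added illustration of the two ideas in the issue description (not part of the ticket and not Metron's actual index template): an Elasticsearch index body that defines a path_hierarchy tokenizer and a comma-splitting pattern tokenizer. The analyzer names, the field names `uri` and `resp_mime_types`, and the typeless mapping syntax of recent Elasticsearch versions are assumptions made for the example.

```json
{
  "settings": {
    "analysis": {
      "tokenizer": {
        "bro_path_tokenizer": { "type": "path_hierarchy", "delimiter": "/" },
        "bro_set_tokenizer": { "type": "pattern", "pattern": "," }
      },
      "analyzer": {
        "bro_path": { "type": "custom", "tokenizer": "bro_path_tokenizer" },
        "bro_set": {
          "type": "custom",
          "tokenizer": "bro_set_tokenizer",
          "filter": ["trim"]
        }
      }
    }
  },
  "mappings": {
    "_meta": {
      "note": "Added example; analyzer and field names are assumptions, not Metron's template"
    },
    "properties": {
      "uri": {
        "type": "text",
        "analyzer": "bro_path",
        "search_analyzer": "keyword",
        "fields": { "raw": { "type": "keyword" } }
      },
      "resp_mime_types": {
        "type": "text",
        "analyzer": "bro_set",
        "search_analyzer": "keyword"
      }
    }
  }
}
```

With this mapping a value such as `/a/b/c` in `uri` is indexed as `/a`, `/a/b` and `/a/b/c`, so a search for a parent path matches everything beneath it, and a set written as `text/html,image/png` is indexed as two separate terms.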