Ward Bekker created METRON-1513:
-----------------------------------

             Summary: Since ES 5+ dots in fields names are supported, no dedot needed
                 Key: METRON-1513
                 URL: https://issues.apache.org/jira/browse/METRON-1513
             Project: Metron
          Issue Type: Improvement
    Affects Versions: 0.4.3
            Reporter: Ward Bekker

In Elasticsearch 5.0, dots are permitted in field names and each step in the path is interpreted as an object field, except for the last step. See [https://www.elastic.co/guide/en/elasticsearch/reference/2.4/dots-in-names.html#dots-in-names]

Currently fields are de-dotted when writing out to ES. This is no longer needed.

ES templates need to be updated to make sure the matches are correct: e.g. "match": "threat:triage:*score",

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
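
The two consequences described in the issue, as an added example that is not part of the original message or of Metron's code: how a flat document with dotted names nests into object fields, and which template match patterns only hit the de-dotted form. The `.` to `:` substitution is an assumption inferred from the quoted pattern; the function names and sample document are constructed for illustration.

```python
import re

def dedot(name):
    # Assumed form of the current de-dotting: '.' becomes ':' (inferred from
    # the "threat:triage:*score" pattern quoted in the issue).
    return name.replace(".", ":")

def expand_dots(doc):
    """Nest a flat document the way the issue describes for ES 5: every step
    of a dotted name is an object field except the last."""
    root = {}
    for name, value in doc.items():
        *parents, leaf = name.split(".")
        node = root
        for step in parents:
            child = node.setdefault(step, {})
            if not isinstance(child, dict):
                # e.g. "a" holds a value and "a.b" needs "a" to be an object
                raise ValueError(f"{name!r}: {step!r} already holds a value")
            node = child
        if isinstance(node.get(leaf), dict):
            raise ValueError(f"{name!r} is already an object field")
        node[leaf] = value
    return root

def glob_match(pattern, name):
    # Glob with '*' as the only wildcard, anchored at both ends.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None

def stale_patterns(patterns, field_names):
    """Patterns that match some field only after de-dotting, so they stop
    matching once fields are written with their dots intact."""
    return [p for p in patterns
            if any(glob_match(p, dedot(f)) and not glob_match(p, f)
                   for f in field_names)]

# Constructed sample document, not taken from a real index.
SAMPLE = {
    "source.type": "bro",
    "ip_src_addr": "10.0.0.1",
    "threat.triage.score": 10.0,
    "threat.triage.rules.0.score": 10.0,
}

if __name__ == "__main__":
    print(expand_dots(SAMPLE))
    print(stale_patterns(["threat:triage:*score", "ip_*"], SAMPLE))
```
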