[ https://issues.apache.org/jira/browse/METRON-1608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16506254#comment-16506254 ]
ASF GitHub Bot commented on METRON-1608:
----------------------------------------
Github user merrimanr commented on a diff in the pull request:
https://github.com/apache/metron/pull/1055#discussion_r194118177
--- Diff:
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
---
@@ -720,4 +719,12 @@ public int getPageSize() {
public void setPageSize(int pageSize) {
this.pageSize = pageSize;
}
+
+ private String getField(String globalConfigKey, String defaultField) {
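Review bot: the new private helper getField(String globalConfigKey, String defaultField) on the last added line has no Javadoc, and its name does not say that it resolves a field name from the global config with a fallback. Suggest a short comment stating when defaultField is returned (key absent, value null or empty), and a more specific name such as getFieldName. The body is cut off in this excerpt, so the handling of a missing or null global config cannot be checked from these lines; please confirm the helper covers it, since it was previously a hardcoded constant that could never be absent.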
--- End diff --
The latest commit extracts this to the ConfigurationsUtils class in
metron-common. This class is already really big so I was hesitant to add it
there, but I'm not sure where else it belongs.
> Add configuration for threat.triage.field name
> ----------------------------------------------
>
> Key: METRON-1608
> URL: https://issues.apache.org/jira/browse/METRON-1608
> Project: Metron
> Issue Type: Bug
> Reporter: Ryan Merriman
> Priority: Major
>
> Currently there is an option for replacing '.'s with ':'s in Elasticsearch
> field names. This is the default behavior. However, our current version of
> Elasticsearch (5.6.2) now allows '.'s so it's possible for users to use '.'s
> instead. In the DAO implementation (metaalerts specifically), the
> threat.triage.field is hardcoded with ':'s and will not work properly if a
> user switches to using '.'s.