[
https://issues.apache.org/jira/browse/METRON-694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15890998#comment-15890998
]
ASF GitHub Bot commented on METRON-694:
---------------------------------------
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/453
I believe you would still have the issue in some cases. The limitation is
that the raw_message field could be a long set of characters, processed as a
single token. I don't know of a way to configure ES to bypass this limitation,
because no matter what you could have a long string that won't get tokenized
with the built-ins (i.e. for instance, the URI field of an HTTP message from
Bro).
> Index Errors from Topologies
> ----------------------------
>
> Key: METRON-694
> URL: https://issues.apache.org/jira/browse/METRON-694
> Project: Metron
> Issue Type: Bug
> Reporter: Ryan Merriman
>
> Need to make sure (and review) that all the bolts write into the error queue.
> Errors should then be consumed from the error queue and indexed.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
