Hello all. While reviewing the tutorial on enhancing the Metron Dashboard I came across an interesting entry to create the index template for Squid. Is the reference to bro_doc correct?
https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard

curl -XPOST $SEARCH_HOST:$SEARCH_PORT/_template/squid_index -d '
{
  "template": "squid_index*",
  "mappings": {
    "bro_doc": {
      "_timestamp": {
        "enabled": true
      },
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "epoch_millis"
        },

kindest
Frank
