Fixed, thanks!
On September 19, 2017 at 12:18:02, Frank Horsfall ( [email protected]) wrote: Hello all. While reviewing the tutorial on enhancing the Metron Dashboard I came across an interesting entry to create the index template for Squid. Is the reference to bro_doc correct? https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard curl -XPOST $ <http://ec2-52-40-44-64.us-west-2.compute.amazonaws.com/>SEARCH_HOST:$SEARCH_PORT/_template/squid_index -d ' { "template": "squid_index*", "mappings": { "bro_doc": { "_timestamp": { "enabled": true }, "properties": { "timestamp": { "type": "date", "format": "epoch_millis" }, kindest Frank
