Good day to everyone. I'm working on our own variation of the Geographic Login Outliers use case (https://metron.apache.org/current-book/use-cases/geographic_login_outliers/index.html). I noticed that our fields names arrive with a period in the name, for example "client.ip" and "user.id".
Our internal naming convention is intended to align the data ingestion solution with the Elasticsearch Common Schema. From experience, working with those dots in Elasticsearch is a challenge and it raises the question if we need to handle field names with a dot in a different matter in Metron. In the case of Metron, should we be modifying the field names to replace dots? Can the Metron STELLAR language handle a field name with a dot in it, or are there any special steps required such as surrounding event fields with single or double-quotes in order to properly handle those field names? Thank you, Tom.
smime.p7s
Description: S/MIME cryptographic signature
