metron-dev mailing list archives

From dlyle65535 <>
Subject [GitHub] incubator-metron pull request #145: METRON-212: Allow additional Elasticsear...
Date Mon, 06 Jun 2016 23:21:57 GMT
GitHub user dlyle65535 opened a pull request:

    METRON-212: Allow additional Elasticsearch templates to be loaded to the index

    Tested with quick-dev-platform.
    Currently this will allow the use of custom Elasticsearch templates by adding *.template
    files to the metron_streaming/files/es_templates directory. Deployment will pick them up and
    send them to the index using the basename without the .template extension as the template
    I'm interested if others think that I should add an optional custom-defined directory
    name to pick up additional templates. Easy to do, but I wasn't sure it was needed.
    This can be verified by running deployment and then running GET _template/* using your
    index-putter of choice (curl, sense, whatever). You should see a template that corresponds
    to each filename.
    e.g. for Bro:
       "bro_index": {
          "order": 0,
          "template": "bro_index*",
          "settings": {},
          "mappings": {
             "bro_doc": {
                "_timestamp": {
                   "enabled": true
                },
                "properties": {
                   "enrichments:geo:ip_dst_addr:location_point": {
                      "type": "geo_point"
                   },
                   "timestamp": {
                      "format": "epoch_millis",
                      "type": "date"
                   }
                }
             }
          },
          "aliases": {}
       }

You can merge this pull request into a Git repository by running:

    $ git pull METRON-212

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #145
commit 8e0398d2eafea3b6e234bbfb8baf7f9521c9021a
Author: David Lyle <>
Date:   2016-06-06T23:12:24Z

    METRON-212: Allow additional Elasticsearch templates to be loaded to the index


If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.
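
The verification step described in the message (compare the *.template files against what GET _template/* returns), as an added example that is not part of the original message or the Metron code base. It assumes the template name is exactly the file's basename without the .template extension; `snort_index.template` and the response body are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

SUFFIX = ".template"


def template_name(filename):
    """Name a template file is expected to be loaded under: basename minus .template."""
    base = Path(filename).name
    if not base.endswith(SUFFIX) or base == SUFFIX:
        raise ValueError(f"not a template file: {filename}")
    return base[: -len(SUFFIX)]


def expected_names(template_dir):
    """Template names expected in the index for every *.template file in the directory."""
    files = Path(template_dir).glob("*" + SUFFIX)
    return sorted(template_name(p) for p in files if p.name != SUFFIX)


def missing_templates(template_dir, get_template_response):
    """Return expected template names absent from the body of GET _template/*."""
    loaded = set(json.loads(get_template_response))  # top-level keys are template names
    return [name for name in expected_names(template_dir) if name not in loaded]


def demo():
    # Constructed sample: two template files plus an unrelated file, and a
    # constructed GET _template/* body in which only bro_index was loaded.
    response = json.dumps({
        "bro_index": {"order": 0, "template": "bro_index*",
                      "settings": {}, "mappings": {}, "aliases": {}}
    })
    with tempfile.TemporaryDirectory() as d:
        for name in ("bro_index.template", "snort_index.template", "README.txt"):
            Path(d, name).write_text("{}")
        return missing_templates(d, response)


if __name__ == "__main__":
    print("templates not loaded:", demo())
```

To use it against a real deployment, save the body of GET _template/* to a string and pass it with the path to the es_templates directory.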
