metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JonZeolla <>
Subject [GitHub] incubator-metron issue #453: METRON-694: Index Errors from Topologies
Date Wed, 01 Mar 2017 20:46:53 GMT
Github user JonZeolla commented on the issue:
    I believe you would still have the issue in some cases.  The limitation is that the raw_message
field could be a long set of characters, processed as a single token.  I don't know of a way
to configure ES to bypass this limitation, because no matter what you could have a long string
that won't get tokenized with the built-ins (i.e. for instance, the URI field of an HTTP message
from Bro).

If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.

View raw message