metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (METRON-694) Index Errors from Topologies
Date Wed, 01 Mar 2017 20:47:45 GMT


ASF GitHub Bot commented on METRON-694:

Github user JonZeolla commented on the issue:
    I believe you would still have the issue in some cases.  The limitation is that the raw_message
field could be a long set of characters, processed as a single token.  I don't know of a way
to configure ES to bypass this limitation, because no matter what you could have a long string
that won't get tokenized with the built-ins (i.e. for instance, the URI field of an HTTP message
from Bro).

> Index Errors from Topologies
> ----------------------------
>                 Key: METRON-694
>                 URL:
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Ryan Merriman
> Need to make sure (and review) that all the bolts write into the error queue. Errors
should then be consumed from the error queue and indexed.

This message was sent by Atlassian JIRA

View raw message