Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Update Existing Indexes to Work with Elasticsearch 5x

You must update existing indexes to work with Elasticsearch 5x.

Update Elasticsearch mappings with the new field for each sensor:
curl -XPUT "http://${ELASTICSEARCH_HOST}:9200/${SENSOR}_index*/_mapping/${SENSOR}_doc" -d '
 {
         "properties" : {
           "metron_alert" : {
             "type" : "nested"
           }
         }
 }
 '
 rm ${SENSOR}.template