"dot" in Elasticsearch Index fields #186

Open
commitcode opened this issue May 19, 2018 · 1 comment

Comments


commitcode commented May 19, 2018

In file phplib/Filter/Enricher.php, the following code will generate field names with "dot" in them, and since Elasticsearch doesn't support "dot" in field names, alerts will not be saved on the server.

if(is_object($val)) { $val = json_encode($val); }

Something like this should work:

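// Collect every leaf value of a nested array into a flat, numerically indexed list.
function flatten(array $array)
	{
	$return = array();
	array_walk_recursive($array,
	function ($a) use(&$return)
		{
		$return[] = $a;
		});
	return $return;
	}

if (is_array($val))
	{
	// Store each leaf value under its numeric index instead of a dotted key.
	$flat_array = flatten($val);
	foreach($flat_array as $key_ => $value_)
		{
		$alert['content'][$key_] = $value_;
		}
	}
  else
	{
	$alert['content'][$key] = $val;
	}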

ref:

Contributor

kiwiz commented Jul 31, 2018

Oh, nice find! We use enrichers purely on the frontend, so we haven't hit this problem. I'm wary of flattening the data though - maybe it'd be better to replace .s with another character.
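
The alternative raised in the comment above (replace `.` in field names with another character instead of flattening), as an added example that is not part of this thread or the project's code. The function name `replace_dots_in_keys`, the `_` replacement and the sample value are assumptions for illustration.

```php
<?php
// Added example, not code from the project. The function name, the '_'
// replacement character and the sample data are assumptions.

/**
 * Recursively copy $data, replacing '.' in every string key with $replacement.
 * Nesting is preserved (nothing is flattened). Objects are converted to arrays
 * of their public properties first, which covers json_decode() output.
 * If a renamed key collides with a key already written at the same level, a
 * numeric suffix is appended so that no value is silently overwritten.
 */
function replace_dots_in_keys($data, string $replacement = '_')
{
    if (is_object($data)) {
        $data = get_object_vars($data);
    }
    if (!is_array($data)) {
        return $data; // scalar or null: nothing to rename
    }
    $out = array();
    foreach ($data as $key => $value) {
        $clean = is_string($key) ? str_replace('.', $replacement, $key) : $key;
        // Collision case: both "src.ip" and "src_ip" exist in the input.
        // The key seen second gets a suffix instead of replacing the first.
        $candidate = $clean;
        $n = 1;
        while (array_key_exists($candidate, $out)) {
            $candidate = $clean . $replacement . $n++;
        }
        $out[$candidate] = replace_dots_in_keys($value, $replacement);
    }
    return $out;
}

// Constructed sample of an enriched value with dotted and colliding keys.
$val = json_decode(
    '{"geo.country":"US","src.ip":"192.0.2.10","src_ip":"198.51.100.7",'
    . '"tags":{"rule.id":7,"list":["a.b","c"]}}'
);

// Keys are renamed at every depth; values such as "a.b" are left untouched.
print_r(replace_dots_in_keys($val));
```

Because the suffix depends on the order in which keys are seen, the same input order must be kept if stored alerts are later matched back to their source fields.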
