Alarm manual

Open MarcOverIP opened this issue 3 years ago • 1 comments

PR for issue #138

One bug left: I want the fields host.name, user.name and host.ip to be included in the returned alarm data. But these fields aren't filled with data, even when the actual event does have these fields.

MarcOverIP, Aug 19 '22 20:08

Note: possibly this bug comes from the fact that it also queries ES docs that have not yet been enriched. So include the search query in the module to include tag: enriched_*

MarcOverIP, Sep 02 '22 10:09