Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

METRON-1603: Fix multivalue field errors in Bro Solr schema #1051

Closed
wants to merge 1 commit into from
Closed

METRON-1603: Fix multivalue field errors in Bro Solr schema #1051

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
24 changes: 12 additions & 12 deletions metron-platform/metron-solr/src/main/config/schema/bro/schema.xml
View file
Open in desktop
Expand Up @@ -146,8 +146,8 @@
<field name="RD" type="boolean" indexed="true" stored="true" />
<field name="RA" type="boolean" indexed="true" stored="true" />
<field name="Z" type="pint" indexed="true" stored="true" />
<field name="answers" type="string" indexed="true" stored="true" />
<field name="TTLs" type="string" indexed="true" stored="true" />
<field name="answers" type="string" indexed="true" stored="true" multiValued="true" />
<field name="TTLs" type="string" indexed="true" stored="true" multiValued="true" />
<field name="rejected" type="boolean" indexed="true" stored="true" />
<!--
* Conn log support
Expand Down Expand Up @@ -177,7 +177,7 @@
<field name="orig_ip_bytes" type="plong" indexed="true" stored="true" />
<field name="resp_pkts" type="plong" indexed="true" stored="true" />
<field name="resp_ip_bytes" type="plong" indexed="true" stored="true" />
<field name="tunnel_parents" type="string" indexed="true" stored="true" />
<field name="tunnel_parents" type="string" indexed="true" stored="true" multiValued="true" />
<!--
* DPD log support
* https://www.bro.org/sphinx-git/scripts/base/frameworks/dpd/main.bro.html#type-DPD::Info
Expand Down Expand Up @@ -242,10 +242,10 @@
* Field: fuid
* Notes: Field exists in the FTP, Files, and Notice logs
-->
<field name="conn_uids" type="string" indexed="true" stored="true" />
<field name="conn_uids" type="string" indexed="true" stored="true" multiValued="true" />
<field name="source" type="string" indexed="true" stored="true" />
<field name="depth" type="pint" indexed="true" stored="true" />
<field name="analyzers" type="string" indexed="true" stored="true" />
<field name="analyzers" type="string" indexed="true" stored="true" multiValued="true" />
<field name="filename" type="string" indexed="true" stored="true" />
<field name="is_orig" type="boolean" indexed="true" stored="true" />
<field name="seen_bytes" type="plong" indexed="true" stored="true" />
Expand Down Expand Up @@ -311,9 +311,9 @@
<field name="first_received" type="string" indexed="true" stored="true" />
<field name="second_received" type="string" indexed="true" stored="true" />
<field name="last_reply" type="string" indexed="true" stored="true" />
<field name="path" type="string" indexed="true" stored="true" />
<field name="path" type="string" indexed="true" stored="true" multiValued="true" />
<field name="tls" type="boolean" indexed="true" stored="true" />
<field name="fuids" type="string" indexed="true" stored="true" />
<field name="fuids" type="string" indexed="true" stored="true" multiValued="true" />
<field name="is_webmail" type="boolean" indexed="true" stored="true" />

<!--
Expand All @@ -336,8 +336,8 @@
<field name="last_alert" type="string" indexed="true" stored="true" />
<field name="next_protocol" type="string" indexed="true" stored="true" />
<field name="established" type="boolean" indexed="true" stored="true" />
<field name="cert_chain_fuids" type="string" indexed="true" stored="true" />
<field name="client_cert_chain_fuids" type="string" indexed="true" stored="true" />
<field name="cert_chain_fuids" type="string" indexed="true" stored="true" multiValued="true" />
<field name="client_cert_chain_fuids" type="string" indexed="true" stored="true" multiValued="true" />
<field name="issuer" type="string" indexed="true" stored="true" />
<field name="client_subject" type="string" indexed="true" stored="true" />
<field name="client_issuer" type="string" indexed="true" stored="true" />
Expand Down Expand Up @@ -395,7 +395,7 @@
<field name="n" type="pint" indexed="true" stored="true" />
<field name="src_peer" type="ip" indexed="true" stored="true" />
<field name="peer_descr" type="string" indexed="true" stored="true" />
<field name="actions" type="string" indexed="true" stored="true" />
<field name="actions" type="string" indexed="true" stored="true" multiValued="true" />
<field name="suppress_for" type="pdouble" indexed="true" stored="true" />
<field name="dropped" type="boolean" indexed="true" stored="true" />
<field name="remote_location.country_code" type="string" indexed="true" stored="true" />
Expand Down Expand Up @@ -652,8 +652,8 @@
<field name="response_to" type="string" indexed="true" stored="true" />
<field name="call_id" type="string" indexed="true" stored="true" />
<field name="seq" type="string" indexed="true" stored="true" />
<field name="request_path" type="string" indexed="true" stored="true" />
<field name="response_path" type="string" indexed="true" stored="true" />
<field name="request_path" type="string" indexed="true" stored="true" multiValued="true" />
<field name="response_path" type="string" indexed="true" stored="true" multiValued="true" />
<field name="warning" type="string" indexed="true" stored="true" />
<field name="content_type" type="string" indexed="true" stored="true" />

Expand Down