Support for Elasticsearch 5.x
Elasticsearch 5.x requires that all sensor templates include a nested alert field definition. Without this field, every search throws an error and no alerts are found. The error appears in the REST service's logs:
QueryParsingException[[nested] failed to find nested object under path [alert]];
As a result, Elasticsearch 5.x requires the following changes to support HCP queries.
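A pre-deployment check for the condition described above, as an added example that is not part of the original page or of HCP itself: it flags sensor templates whose mappings lack an alert field of type nested. The template layout (mappings, then doc type, then properties) and the sensor names are assumptions made for this example.

```python
import json

# Constructed sample templates, assuming the Elasticsearch 5.x layout
# mappings -> <doc type> -> properties. Sensor and doc-type names are made up.
TEMPLATES = {
    "sensor_a": json.loads("""
      {"template": "sensor_a_index*",
       "mappings": {"sensor_a_doc": {"properties": {
           "ip_src_addr": {"type": "ip"},
           "alert": {"type": "nested"}}}}}"""),
    "sensor_b": json.loads("""
      {"template": "sensor_b_index*",
       "mappings": {"sensor_b_doc": {"properties": {
           "ip_src_addr": {"type": "ip"}}}}}"""),
    "sensor_c": json.loads("""
      {"template": "sensor_c_index*",
       "mappings": {"sensor_c_doc": {"properties": {
           "alert": {"properties": {"status": {"type": "keyword"}}}}}}}"""),
}

def check_template(template):
    """Return one finding per doc type that lacks a nested 'alert' field."""
    mappings = template.get("mappings") or {}
    if not mappings:
        return ["template defines no mappings"]
    findings = []
    for doc_type, mapping in sorted(mappings.items()):
        alert = (mapping.get("properties") or {}).get("alert")
        if alert is None:
            findings.append(f"{doc_type}: no 'alert' field")
        elif not isinstance(alert, dict):
            findings.append(f"{doc_type}: 'alert' is not a field definition")
        elif alert.get("type", "object") != "nested":
            # A field with sub-properties and no explicit type maps as 'object'.
            actual = alert.get("type", "object")
            findings.append(f"{doc_type}: 'alert' is '{actual}', not 'nested'")
    return findings

def audit(templates):
    """Map template name -> findings, listing only templates with problems."""
    return {name: f for name, t in templates.items() if (f := check_template(t))}

if __name__ == "__main__":
    for name, findings in audit(TEMPLATES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Running the check against template files before they are loaded catches the missing field ahead of the QueryParsingException showing up in the REST service's logs.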