Creating a New Index Template or Schema
When you set up a new sensor, you must create either a new index template if you are using Elasticsearch or a new index schema if you are using Solr.
Add the following to the properties section of the template or the schema:
    "properties": {
      "metron_field": {
        "type": "keyword"
      }
    }
Refer to Elastic Index Templates or Solr Index Schemas for more information.
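The merge described above, as an added example that is not part of the original page or of the Metron project: it adds the metron_field mapping to the properties section of an Elasticsearch template and refuses to overwrite a field that is already mapped differently. The sample template, the sensor name mysensor and the helper names are constructed for illustration; Solr schemas are not covered.

```python
import copy
import json

# Field mapping from the page; "metron_field" stands for the sensor's field name.
NEW_FIELD = {"metron_field": {"type": "keyword"}}

# Keys that mark a typeless mapping body (assumption: no document type uses these names).
TYPELESS_KEYS = {"properties", "dynamic", "dynamic_templates", "_source", "_meta"}


def mapping_bodies(mappings):
    """Return the dicts that hold a "properties" section.

    Typeless layout: {"properties": {...}}
    Typed layout:    {"<doc_type>": {"properties": {...}}}
    """
    if not mappings or any(key in TYPELESS_KEYS for key in mappings):
        return [mappings]
    return [body for body in mappings.values() if isinstance(body, dict)]


def add_fields(template, fields=NEW_FIELD):
    """Return a copy of template with fields merged into each properties section."""
    merged = copy.deepcopy(template)
    for body in mapping_bodies(merged.setdefault("mappings", {})):
        props = body.setdefault("properties", {})
        for name, spec in fields.items():
            if name in props and props[name] != spec:
                raise ValueError(f"{name} is already mapped as {props[name]}")
            props[name] = copy.deepcopy(spec)
    return merged


# Constructed sample template (hypothetical sensor name and fields).
SAMPLE_TEMPLATE = {
    "template": "mysensor_index*",
    "mappings": {
        "mysensor_doc": {
            "properties": {
                "timestamp": {"type": "date", "format": "epoch_millis"},
                "ip_src_addr": {"type": "ip"},
            }
        }
    },
}

if __name__ == "__main__":
    print(json.dumps(add_fields(SAMPLE_TEMPLATE), indent=2))
```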