Upgrading Elasticsearch Alert Field
Beginning with HCP 1.7.0, the Elasticsearch metaalert alert
nested
field has been changed to metron_alert
. Due to this change, HCP 1.7.0 and
later is unable to use indices containing the alert
field.
meta_alert
, then create new indices with the new template and mapping,
and migrate existing data to the new indices.