Upgrading Elasticsearch Alert Field
Beginning with HCP 1.7.0, the nested alert field in Elasticsearch metaalerts has been renamed to metron_alert. Because of this change, HCP 1.7.0 and later cannot use indices that contain the alert field.
metron_alert, then create new indices with the new template and mapping, and migrate existing data to the new indices.
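One way to carry out the migration step, shown as an added example rather than the HCP-documented procedure: it builds an Elasticsearch _reindex request body that renames the field with a Painless script, and checks locally that no metaalert loses child alerts in the move. The index names, the guid and status fields, and the sample documents are constructed for illustration.

```python
import copy

OLD_FIELD = "alert"         # nested field name before HCP 1.7.0 (from the page)
NEW_FIELD = "metron_alert"  # nested field name from HCP 1.7.0 on (from the page)

def reindex_body(source_index, dest_index):
    """Body for POST _reindex. dest_index must already exist with the new
    mapping, because _reindex does not copy mappings from the source."""
    script = ("if (ctx._source.containsKey('%s')) "
              "{ ctx._source.%s = ctx._source.remove('%s'); }"
              % (OLD_FIELD, NEW_FIELD, OLD_FIELD))
    return {"source": {"index": source_index},
            "dest": {"index": dest_index},
            "script": {"lang": "painless", "source": script}}

def migrate_doc(doc):
    """Local model of what the script does to one _source document."""
    out = copy.deepcopy(doc)
    if OLD_FIELD in out:
        out[NEW_FIELD] = out.pop(OLD_FIELD)
    return out

def check_migration(old_docs, new_docs):
    """Compare pre- and post-migration documents by guid; return problems."""
    problems = []
    new_by_guid = {d["guid"]: d for d in new_docs}
    for old in old_docs:
        guid = old["guid"]
        new = new_by_guid.get(guid)
        if new is None:
            problems.append(f"{guid}: missing from new index")
            continue
        if OLD_FIELD in new:
            problems.append(f"{guid}: still has '{OLD_FIELD}'")
        if len(new.get(NEW_FIELD, [])) != len(old.get(OLD_FIELD, [])):
            problems.append(f"{guid}: child alert count changed")
    return problems

# Constructed sample metaalerts (not real data).
SAMPLE_OLD = [
    {"guid": "meta-1", "status": "active",
     "alert": [{"guid": "a1"}, {"guid": "a2"}]},
    {"guid": "meta-2", "status": "active", "alert": [{"guid": "a3"}]},
]

if __name__ == "__main__":
    # Hypothetical index names.
    print(reindex_body("metaalert_index_old", "metaalert_index_new"))
    print(check_migration(SAMPLE_OLD, [migrate_doc(d) for d in SAMPLE_OLD]))
```

In practice the old_docs and new_docs lists would come from scrolling the old and new indices after the reindex completes.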