
Put quotes around aggregate_id search

Open Qmando opened this issue 7 years ago • 0 comments

Add quotes to the aggregate_id search. This prevents it from accidentally picking up incorrect alerts if the _ids share common patterns. Note that this only occurs if the mapping is applied incorrectly, as aggregate_id is supposed to be non-analyzed. However, we may as well preemptively prevent these errors because it's as simple as adding quotes.

Qmando, Dec 18 '18 22:12
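Added example, not ElastAlert's own code and not part of the original issue: a simplified Python model of why an unquoted aggregate_id lookup can pick up unrelated alerts when the field is analyzed by mistake, and why quoting avoids it. The `query_string` form of the lookup, the tokenizer stand-in, the function names and the sample ids are all assumptions constructed for illustration.

```python
import re

# Constructed sample alert documents; ids are made up for illustration.
DOCS = [
    {"_id": "a1", "aggregate_id": "AWfGx-3kQ9"},
    {"_id": "a2", "aggregate_id": "AWfGx-7zLm"},  # shares the first token
    {"_id": "a3", "aggregate_id": "BXq21-3kQ9"},  # shares the second token
    {"_id": "a4", "aggregate_id": "Zz901-pp12"},
]

def analyze(value, analyzed=True):
    """Simplified stand-in for text analysis: lowercase and split on anything
    other than letters, digits and underscore. A non-analyzed field keeps
    the whole value as a single exact token."""
    if not analyzed:
        return [value]
    return re.findall(r"[a-z0-9_]+", value.lower())

def build_query(aggregate_id, quoted):
    """Query body for the lookup (assumed query_string form)."""
    term = '"%s"' % aggregate_id if quoted else aggregate_id
    return {"query": {"query_string": {"query": "aggregate_id:%s" % term}}}

def matches(doc_value, aggregate_id, quoted, analyzed):
    doc_tokens = analyze(doc_value, analyzed)
    query_tokens = analyze(aggregate_id, analyzed)
    if quoted:
        # Phrase semantics: every query token, adjacent and in order.
        n = len(query_tokens)
        return any(doc_tokens[i:i + n] == query_tokens
                   for i in range(len(doc_tokens) - n + 1))
    # Unquoted: tokens are OR-ed, so one shared token is enough to match.
    return any(t in doc_tokens for t in query_tokens)

def search(docs, aggregate_id, quoted, analyzed):
    """Return the _ids of documents the modelled query would hit."""
    return [d["_id"] for d in docs
            if matches(d["aggregate_id"], aggregate_id, quoted, analyzed)]

if __name__ == "__main__":
    target = "AWfGx-3kQ9"
    for quoted in (False, True):
        for analyzed in (True, False):
            print(build_query(target, quoted)["query"]["query_string"]["query"],
                  "analyzed=%s" % analyzed,
                  search(DOCS, target, quoted, analyzed))
```

With the correct non-analyzed mapping both forms return only the intended alert; the difference appears only in the analyzed case the issue describes.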