In file phplib/Filter/Enricher.php, the following code will generate field names with "dot" in them and since Elastisearch doesn't support "dot" in fields names, alerts will not be saved on the server.
if(is_object($val)) { $val = json_encode($val); }
Something like this should work:
function flatten(array $array)
{
$return = array();
array_walk_recursive($array,
function ($a) use(&$return)
{
$return[] = $a;
}
});
if (is_array($val))
{
$flat_array = flatten($val)
foreach($flat_array as $key_ => $value_)
{
$alert['content'][$key_] = $value_;
}
}
else
{
$alert['content'][$key] = $val;
}
Oh, nice find! We use enrichers purely on the frontend, so we haven't hit this problem. I'm wary of flattening the data though - maybe it'd be better to replace .s with another character.
In file phplib/Filter/Enricher.php, the following code will generate field names with "dot" in them and since Elastisearch doesn't support "dot" in fields names, alerts will not be saved on the server.
if(is_object($val)) { $val = json_encode($val); }
Something like this should work:
ref: