"dot" in Elasticsearch Index fields

[commitcode]

In file phplib/Filter/Enricher.php, the following code will generate field names with "dot" in them and since Elastisearch doesn't support "dot" in fields names, alerts will not be saved on the server.

if(is_object($val)) { $val = json_encode($val); }

Something like this should work:

function flatten(array $array)
    {
    $return = array();
    array_walk_recursive($array,
    function ($a) use(&$return)
        {
        $return[] = $a;
        }
    });

if (is_array($val))
    {
    $flat_array = flatten($val)
    foreach($flat_array as $key_ => $value_)
        {
        $alert['content'][$key_] = $value_;
        }
    }
  else
    {
    $alert['content'][$key] = $val;
    }

ref:

[kiwiz]

Oh, nice find! We use enrichers purely on the frontend, so we haven't hit this problem. I'm wary of flattening the data though - maybe it'd be better to replace .s with another character.