Github user basvdl commented on the issue:
https://github.com/apache/incubator-metron/pull/531
@nickwallen, these are indeed the options we have discussed...
> I am going to lay out all of the possibilities that I can think of just
so that we don't leave any stone unturned.
(1) Alter the Source of Telemetry - ...
(2) Use an Alternative Source of Telemetry - ...
(3) Reunite lines at the parser - ...
(4) Transport Mechanism - ...
1. Alter the Source of Telemetry - I agree with you that this is the least
preferred method.
2. Use an Alternative Source of Telemetry - The alternative I've looked
into was `tcpdump`, but this is less detailed.
3. Reunite lines at the parser - This will not give you a reliable
solution, mainly due to the reason you have given: 'We cannot rely on ordering
of the messages'
4. Transport Mechanism - In our case we are shipping the log using
(Mi)NiFi. We could look into a custom NiFi processor.
Another option that just came as a brainwave, maybe we can develop a kind
of yaf / yafscii solution. Where you pipe the output of DHCPDump into the stdin
of a `DHCPDumpToSingleLine` which will stitch the lines together and output
single line events to disk.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
