[ https://issues.apache.org/jira/browse/METRON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Allen updated METRON-590: ------------------------------ Fix Version/s: Next + 1 > Enable Use of Event Time in Profiler > ------------------------------------ > > Key: METRON-590 > URL: https://issues.apache.org/jira/browse/METRON-590 > Project: Metron > Issue Type: Improvement > Affects Versions: 0.4.2 > Reporter: Nick Allen > Assignee: Nick Allen > Priority: Major > Fix For: Next + 1 > > > There are at least two different times that are important to consider when > handling the telemetry messages received by Metron. > (1) Processing time is the time at which Metron processed the message. > (2) Event time is the time at which the event actually occurred. > If Metron is consuming live data and all is well, the processing and event > times may remain close and consistent. When processing time differs from > event time the data produced by the Profiler may be inaccurate. There are a > few scenarios under which these times might differ greatly which would > negatively impact the feature set produced by the Profiler. > (1) When the system has experienced an outage, for example, a scheduled > maintenance window. When restarted a high volume of messages will need to be > processed by the Profiler. The output of the Profiler will indicate an > increase in activity, although no change in activity actually occurred on the > target network. This could happen whether the outage was Metron itself or an > upstream system that feeds data to Metron. > (2) If the user attempts to replay historical telemetry through the Profiler, > the Profiler will attribute the activity to the time period in which it was > processed. Obviously the activity should be attributed to the time period in > which the raw telemetry events originated in. > There are some scenarios when processing time might be preferred and other > use cases where event time is preferred. The Profiler should be enhanced to > allow it to produce profiles based on either processing time or event time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)