Github user JonZeolla commented on the issue:

https://github.com/apache/metron/pull/1171

Ok I took a larger sampling and redid my testing. Things still look good at a high level.

```
$ wc -l *csv
    1046 config.csv
   32424 system.csv
     100 threat.csv
    5090 traffic.csv
   38660 total
```

```
vagrant up
vagrant ssh
sudo service sensor-stubs stop
export PATH=$PATH:/usr/hdp/current/kafka-broker/bin
export METRON_HOME=/usr/metron/0.5.1
export zk=node1:2181
export kafka=node1:6667
screen
# Go to the management UI and add a new sensor with name/topic of palo, parser type PaloAltoFirewall, and start it.
# Created {config,system,threat,traffic}.csv using the data from my palo
# Restart Metron Parsers in Ambari
kafka-topics.sh --create --zookeeper $zk --replication-factor 1 --partitions 1 --topic palo
kafka-console-consumer.sh --zookeeper $zk --topic palo
# Create new screen session
kafka-console-consumer.sh --zookeeper $zk --topic enrichments
# Create new screen session
tail -f /var/log/storm/workers-artifacts/palo*/*/worker.log | grep -i "failed to parse"
# Create new screen session
cat *.csv | kafka-console-producer.sh --broker-list $kafka --topic palo
```

No messages failed to parse, and the number of messages I sent to the palo topic equaled the number that hit enrichments (38660 messages).
---