Re: [DISCUSS] Central Navigation for Alerts and Management UI
That was my thought, too. The Management UI is meant for the Operations persona. And the Alerts UI is meant for the SOC analyst persona. If we see a need for either of these personas to use both of the UIs, then the ability to switch between the two UIs would be great. Otherwise, I'm not sure that ability is necessary. As an aside, as the tech writer I would love to be able to switch between the two UIs, but I'm not really one of our supported personas __ Darn! Rita Rita McKissick ! Sr. Technical Writer rmckiss...@hortonworks.com (mobile) 831-234-3676 On 3/5/19, 9:50 AM, "Michael Miklavcic" wrote: The original design was done with the intent to keep the user profiles (soc analyst vs ops personnel) separate and enable a microservices-oriented architecture. I don't have a strong opinion one way or the other, but I'd be interested to hear whether others in the community find this wall useful, or if we should come back to a single pain of glass. Mike On Tue, Mar 5, 2019 at 9:12 AM Shane Ardell wrote: > Hello everyone, > > I recently started experimenting with implementing a navigation bar in both > the Alerts and Management UI. It would allow us to navigate between the two > UIs through links instead of manually entering a url or opening separate > tabs from Ambari. > > I'm just wondering what everyone's thoughts are. Is this something we want > in Metron? >
Re: Knox SSO feature branch PRs: a quick demo
Thanks, Simon. Very helpful for documentation information, too. Rita McKissick ! Sr. Technical Writer rmckiss...@hortonworks.com (mobile) 831-234-3676 On 8/1/18, 8:34 PM, "Simon Elliston Ball" wrote: I've recently put in a number of PRs on the Knox feature branch, and thought it might be useful to post a quick 'sprint demo' style explanation of what the various PRs and functionality entails: https://youtu.be/9OJz6hg0N1I Hope this helps with review process. There are a couple of areas where that need a little follow on improvement (Ambari mpack cosmetic oddness mainly). Any thoughts and assistance on that would be very greatly appreciated. Simon
FW: Change to Indexing section of Admin Guide
Sorry, please disregard this email. Sent to wrong email alias. Rita Rita McKissick ! Sr. Technical Writer rmckiss...@hortonworks.com (mobile) 831-234-3676 On 10/3/17, 6:53 AM, "Rita McKissick" <rmckiss...@hortonworks.com> wrote: >Hi everyone, > >Jasper requested that I copy the section on tuning HDFS to the section on >Indexing. So, I’ve added this section to the Indexing section on the Admin >Guide: >http://dev.hortonworks.com.s3.amazonaws.com/HDPDocuments/HCP1/HCP-1-trunk/bk_administration/content/configuring_indexing.html > >Let me know if you have any suggestions or feedback on this change. > >Thanks, > >Rita > >Rita McKissick ! Sr. Technical Writer >rmckiss...@hortonworks.com >(mobile) 831-234-3676 > >
Change to Indexing section of Admin Guide
Hi everyone, Jasper requested that I copy the section on tuning HDFS to the section on Indexing. So, I’ve added this section to the Indexing section on the Admin Guide: http://dev.hortonworks.com.s3.amazonaws.com/HDPDocuments/HCP1/HCP-1-trunk/bk_administration/content/configuring_indexing.html Let me know if you have any suggestions or feedback on this change. Thanks, Rita Rita McKissick ! Sr. Technical Writer rmckiss...@hortonworks.com (mobile) 831-234-3676
Re: [DISCUSS] Meta alert Elasticsearch new template requirement ramifications
Hi Justin,
I am adding the nested “alert" field requirement to the product documentation,
and I had a question:
* If the user opts to use the default configuration, will they still need to
add the nested “alert” field?
When I’m finished with the documentation, I’ll send you a link to make sure
what I’ve documented is correct.
Thanks,
Rita
Rita McKissick ! Sr. Technical Writer
rmckiss...@hortonworks.com
(mobile) 831-234-3676
On 9/29/17, 6:59 AM, "Justin Leet" <justinjl...@gmail.com> wrote:
>As part of building a backend for meta-alerts (
>https://github.com/apache/metron/pull/734), there's an additional
>requirement for the Elasticsearch templates for new sensors. Although
>seemingly minor, this should be called out explicitly because of the wider
>implications of leaving it out of ANY sensor. Specifically, this can
>result in the UI and other queries not returning results, because
>Elasticsearch throws an error.
>
>A nested "alert" field must be added in the form:
>
>"alert": {
> "type": "nested"
>},
>
>This results from Elasticsearch 2.x requiring the type of searches that
>meta alerts wrap to have the fields exist in all indices or the query fails.
>
>In Elasticsearch 5.x, there is a per query parameter that can be set to
>avoid this: see
>https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html#_ignoring_unmapped_fields
>.
>
>The obvious short-term thing that needs to happen with this is improved
>documentation. A ticket for documenting this (with some more specific
>details and what the error looks like is at
>https://issues.apache.org/jira/browse/METRON-1220). Where should that
>documentation live? It seems like our documentation in general around this
>type of stuff is a little lacking. Right now, I'm putting a prelim version
>into the metron-indexing README, but either now or as a followon we should
>have a more robust version that lays requirements for things like
>templating.
>
>There are a couple options I see to address this more robustly.
>1) Just upgrade to ES 5.x and modify the meta alert query appropriately. A
>beginning basis for this change exists in
>https://github.com/apache/metron/pull/619. More works needs to happen
>there to finalize it
>2) Add in ZK hooks for when a new sensor is added. The DAOs could receive
>word that a new sensor has been added in ZK and then build and submit the
>modified template itself. This (or a variant) is probably something that
>should happen anyway, in order to be more consistent with the other pieces
>that monitor and act on ZK updates.
>3) There may be some mitigating that can be done here, e.g. if a query
>fails with the relevant error, rerun a different variant that may not hit
>the meta alerts, but doesn't fail as extravagantly.
>
>Is there a preference on either where the new documentation lives? And is
>there a preference on how we address this going forward?
>
>Justin
FW: Runbook is ready for review
My apologies. I sent this doc to the wrong email alias. Please ignore this review request. Rita Rita McKissick ! Sr. Technical Writer On 7/5/17, 6:48 AM, "Rita McKissick" <rmckiss...@hortonworks.com> wrote: >There are still a couple sections that are work in progress: > > * Enriching Threat Intelligence > * Configuring Indexing > >but please feel free to comment on the entire guide: > >http://dev.hortonworks.com.s3.amazonaws.com/HDPDocuments/HCS1/HCS-1-trunk/bk_runbook/content/index.html > >I’ll need your comments by COB Friday in order to incorporate them for our >upcoming release. > >Thanks, > >Rita > > >Rita McKissick ! Sr. Technical Writer > >
Re: Runbook is ready for review
Thank you for the catch, Otto. I will remove any references to incubating. Rita Rita McKissick ! Sr. Technical Writer From: Otto Fowler Date: Wednesday, July 5, 2017 at 6:51 AM To: default, "dev@metron.apache.org<mailto:dev@metron.apache.org>" Subject: Re: Runbook is ready for review Metron has graduated, and as such any reference to Apache Metron (Incubating) should be just Apache Metron. On July 5, 2017 at 09:48:37, Rita McKissick (rmckiss...@hortonworks.com<mailto:rmckiss...@hortonworks.com>) wrote: There are still a couple sections that are work in progress: * Enriching Threat Intelligence * Configuring Indexing but please feel free to comment on the entire guide: http://dev.hortonworks.com.s3.amazonaws.com/HDPDocuments/HCS1/HCS-1-trunk/bk_runbook/content/index.html I’ll need your comments by COB Friday in order to incorporate them for our upcoming release. Thanks, Rita Rita McKissick ! Sr. Technical Writer
Runbook is ready for review
There are still a couple sections that are work in progress: * Enriching Threat Intelligence * Configuring Indexing but please feel free to comment on the entire guide: http://dev.hortonworks.com.s3.amazonaws.com/HDPDocuments/HCS1/HCS-1-trunk/bk_runbook/content/index.html I’ll need your comments by COB Friday in order to incorporate them for our upcoming release. Thanks, Rita Rita McKissick ! Sr. Technical Writer
