[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user asfgit closed the pull request at: https://github.com/apache/metron/pull/711 ---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135898556
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
> Yes the endpoint expects all alert data to be passed in. I'm trying to
avoid an extra ES call (alert data will travel across the network either way).
I think @merrimanr 's implementation makes the most sense right now. We
assume the client has all of the necessary details about the alert that they
want to escalate. Adding extra logic to pull the freshest version from the
index (ES) does not make sense to me.
As a SOC analyst using the Alerts UI, if I escalate an alert, I want to
know that what I am seeing on my screen is what I actually escalated. I
escalated the alert based on the information that I had in front of me; it is a
point-in-time snapshot.
If the alert changes between the time that I loaded the alert on my screen
and when I clicked escalate, then that is a condition that can only be
correctly recovered from in the UI, not in the REST API.
In addition, the result of escalation here is that we are pushing data into
a Kafka topic. The only reasonable expectation is that this data is a
point-in-time snapshot. We don't need to jump through hoops to try and sync
with any changes in the index.
If the alerts data needs refreshed, then the consumer of the 'escalation'
Kafka topic needs to do that. Whether the data needs refreshed and how fresh
that needs to be are decisions that only the consumer of that topic can make.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user merrimanr commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135828943
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
Documentation issues aside, are we concerned about a potential race
condition? It sounds like we are. In that case we would need to retrieve the
alerts from ES in the REST service before they are escalated. Is my
understanding correct?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135816057
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
@simonellistonball I don't think that is what this api does. We need to
clarify.
There is also a difference between the rest api and the ui workflow. They
both have to make sense on their own.
Do we need a discussion thread? or a document?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user simonellistonball commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135813488
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
My understanding is that this is for manual escalation, and should just
expose everything in the alert (or meta-alert) that is being manually
escalated.
The user would essentially add comments and make modifications before
escalating, which would be persisted
The alert which is pushed onto the queue should be the current alert state,
i.e. with all those modifications. This was done elsewhere (sorry, can't
remember the ticket number). So the alert data being pushed should come off the
cluster side, and it should have all the content already sent from the client
by a separate process.
I think that should achieve pretty much what you're talking about
@ottobackwards.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135811520
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
Can you give an example? I don't see how.
escalate(List alertId, String patchFields)?
When we get the alerts is there a version - so that we will just work
with the version we have and even if v+1 goes in it won't matter?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user merrimanr commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135806560
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
I was coming at it from a transactional perspective and trying to avoid a
race condition (alert changes after a client requests it and before it gets
escalated). I think a lot of what you describe can already be done by chaining
rest calls together.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135794224
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
What I was thinking about is the assumption that the client will have the
'full alert'.
If the client requests alerts based on queries, and specifies the fields
for return as a subset of the complete fields, then you are making the
assumption that the subset is what will be required for escalation. These are
different use cases. It is more likely that what will be required is:
- Query from any point to service returned sum subset of fields for alert A.
- User decides to escalate, and has some option to add new
fields/data/annotations to alerts ( best would we to have some 'additional
field list + description' per escalation target that we can load into the ui )
to alert.
- User may add same fields/annotations to multiple alerts ( escalate all in
query )
- Escalation takes annotations and alert id's, merges the annotations with
the full alert (or from a query that returns the fields required by the
target?) and sends them
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
Github user merrimanr commented on a diff in the pull request:
https://github.com/apache/metron/pull/711#discussion_r135791883
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/AlertServiceImpl.java
---
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.service.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Map;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.rest.MetronRestConstants;
+import org.apache.metron.rest.RestException;
+import org.apache.metron.rest.service.AlertService;
+import org.apache.metron.rest.service.KafkaService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Service;
+
+/**
+ * The default service layer implementation of {@link AlertService}.
+ *
+ * @see AlertService
+ */
+@Service
+public class AlertServiceImpl implements AlertService {
+
+ private Environment environment;
+ private final KafkaService kafkaService;
+
+ @Autowired
+ public AlertServiceImpl(final KafkaService kafkaService,
+ final Environment environment) {
+this.kafkaService = kafkaService;
+this.environment = environment;
+ }
+
--- End diff --
I can adjust it to accept a list of alerts. I agree that would be better.
Yes the endpoint expects all alert data to be passed in. I'm trying to
avoid an extra ES call (alert data will travel across the network either way).
But now that you bring it up I'm not sure. Do we want to make it flexible
so that an alert can be annotated/modified before being escalated? Would
fetching an alert from ES be unnecessary since it's assumed the client will
already have a copy? Would we want to ensure that the most recent version in
ES is always escalated? Should we expose both options?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] metron pull request #711: METRON-1127: Add ability to escalate alerts for ex...
GitHub user merrimanr opened a pull request:
https://github.com/apache/metron/pull/711
METRON-1127: Add ability to escalate alerts for external consumption
## Contributor Comments
This PR exposes a way to put alerts (or any message) into a configurable
escalation Kafka topic. In summary:
- Adds a "metron_escalation_topic" parameter to MPack and Spring property
file
- Provides a default value and sets up the topic upon MPack installation
- Adds a new AlertController for this and future alert-related functions
- Adds a producer to the Kafka service and controller
- Adds and updates the appropriate unit and integration tests, including
making the KafkaControllerIntegrationTest simpler
- Adds documentation to the README
This can be tested in full dev with Swagger by first ensuring the
"escalation" topic is automatically created and showing up in the list of
topics (use the "/api/v1/kafka/topic" endpoint). Next use
"/api/v1/alert/escalate" endpoint in the alert-controller to escalate an alert,
you should receive a 200 response code. Finally get the latest message from
the Kafka "escalation" topic with "/api/v1/kafka/topic/{name}/sample" endpoint.
You should get the same message that you escalated in the previous step.
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
for the complete guide to follow for contributions.
Please refer also to our [Build Verification
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow
these guidelines and ask you to double check the following:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to
be created at [Metron
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [x] Has your PR been rebased against the latest commit within the target
branch (typically master)?
### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been
executed in the root metron folder via:
```
mvn -q clean integration-test install && build_utils/verify_licenses.sh
```
- [x] Have you written or updated unit tests and or integration tests to
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [x] Have you verified the basic functionality of the build by building
and running locally with Vagrant full-dev environment or the equivalent?
### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in
which it is rendered by building and verifying the site-book? If not then run
the following commands and the verify changes via
`site-book/target/site/index.html`:
```
cd site-book
mvn site
```
Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up
for your personal repository such that your branches are built there before
submitting a pull request.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/merrimanr/incubator-metron METRON-1127
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/metron/pull/711.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #711
commit 5f8f49cff4050b57a07347be6f2fe6ce131494c9
Author: merrimanr
Date: 2017-08-22T19:54:19Z
initial commit
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
