[GitHub] metron issue #1242: METRON-1834: Migrate Elasticsearch from TransportClient ...

2018-11-15 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1242
  
> specifically setting `topology.ackers.executors` equal to the number of 
inbound Kafka topic partitions

And the number of Workers too. i.e. 
No. of Kafka partitions = No. of workers (`ra_indexing_workers`) = No. of 
Ackers (`ra_indexing_acker_executors`)

In my test, I set this to 10 and saw no failed tuples in the kafkaSpout.

My +1 holds. Thanks @mmiklavc !


---

[GitHub] metron issue #1242: METRON-1834: Migrate Elasticsearch from TransportClient ...

2018-11-08 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1242
  
> The last remaining bit before I merge this will be sharing some results 
around the performance/regression testing performed by @anandsubbu.

I completed a set of performance comparison tests between the REST and 
Transport clients. Here's the update.

### Note on the Testing Done
* The performance regression comparison tests are run on a multi-node 
VM-based environment by:
a) Running a set of tests using the ES REST Client 
b) Swap out the REST client with the Transport client, and re-run the same 
set of tests.

### Observations
1) The indexing rate numbers with the REST client is similar to that of the 
Transport client.
2) I had noticed storm rebalance error messages for the kafkaSpout for both 
REST and Transport client runs, which required to adjust the values of 
`request.timeout.ms` and `session.timeout.ms` in the ES flux file under 
'kafkaProps'. The errors were resolved after making these changes. 
3) For the REST client, I observed listener timeout exceptions with the 
default settings. I had to increase max retry and socket timeout values in 
global config as follows, in order to resolve the exceptions.
```
  "es.client.settings" : {
"max.retry.timeout.millis" : "6",
"socket.timeout.millis" : "6"
  }
```
4) For both cases, the kafkaSpout complete latency was seen to be on the 
higher side (~30 secs)
5) Lastly, I noticed that there were a number of failed tuples seen in the 
kafkaSpout of the RA Indexing topology. I am continuing to dig more into this, 
but since this was seen for both the REST and Transport client tests, I am 
suspecting it could be an anomaly with the test environment, or a different 
issue common to both REST/Transport clients.

Based on the above, it is seen that there is no immediate regression in 
performance b/w the REST and Transport client. 

+1, great work @mmiklavc 


---

[GitHub] metron pull request #1256: METRON-1861: REST fails to start when LDAP enable...

2018-11-08 Thread anandsubbu 
GitHub user anandsubbu opened a pull request:

https://github.com/apache/metron/pull/1256

METRON-1861: REST fails to start when LDAP enabled and 'Active Spring 
profiles' config is empty

## Contributor Comments
Set 'Active Spring profiles' to just `ldap`, when 
`metron_spring_profiles_active` is blank.

### Testing Steps 
1. Set 'LDAP Enabled' to On and set 'Active Spring profiles' as blank
2. Restart REST service and validate that it starts up fine.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anandsubbu/incubator-metron METRON-1861

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/1256.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1256


commit ad781b6da1b03524ea63c318ebe68c47758c5b64
Author: Anand Subramanian 
Date:   2018-11-08T09:24:45Z

Handle case when metron_spring_profiles_active is empty




---

[GitHub] metron issue #1246: METRON-1844: Allow for LDAP to be used for authenticatio...

2018-11-01 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1246
  
My +1 as well. 

I spun up a multi-node cluster and set this up using the demo LDAP service 
provided by Knox. I was able to authenticate using the demo users for all the 
Swagger, Alerts and Management UI interfaces. Nicely done, @justinleet !


---

[GitHub] metron pull request #1246: METRON-1844: Allow for LDAP to be used for authen...

2018-10-30 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1246#discussion_r229259363
  
--- Diff: 
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
 ---
@@ -267,6 +274,21 @@
 if 'solr-config-env' in config['configurations']:
 solr_principal_name = solr_principal_name.replace('_HOST', 
hostname_lowercase)
 
+# LDAP
+metron_ldap_url = 
config['configurations']['metron-security-env']['metron.ldap.url']
+metron_ldap_userdn = 
config['configurations']['metron-security-env']['metron.ldap.bind.dn']
+metron_ldap_password = 
config['configurations']['metron-security-env']['metron.ldap.bind.password']
+metron_ldap_user_pattern = 
config['configurations']['metron-security-env']['metron.ldap.user.dnpattern']
+metron_ldap_user_password = 
config['configurationsmetron_spring_profiles_active']['metron-security-env']['metron.ldap.user.password']
--- End diff --

Looks like a mispaste. `metron_spring_profiles_active` should be removed.


---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-22 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen ! I have seen this issue previously as well.

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```



---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen ! I have bumped into this issue previously 
as well.

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```



---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen ! I have bumped into this issue previously 
as well.

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```



---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen ! I have seen this issue previously as well.

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```



---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen ! I have seen this issue previously as well.

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```



---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen ! I have seen this issue previously as well.

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and 
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```


---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
+1

Thanks for the fix @nickwallen !

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error (which I have also seen previously many 
times!):
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and 
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` to see 
that the ES mpack install goes through fine:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
ok: [node1]
```


---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
Hey @nickwallen , I am seeing an error at the `ambari_gather_facts : Ask 
Ambari: core_site_tag` step when trying to validate the fix. 

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and 
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` after 
which I am seeing the below error:
```

TASK [ambari_gather_facts : Ask Ambari: namenode_host] 
*
changed: [node1]

TASK [ambari_gather_facts : set_fact] 
**
ok: [node1]

TASK [ambari_gather_facts : Ask Ambari: core_site_tag] 
*
fatal: [node1]: FAILED! => {"changed": true, "cmd": "curl -s -u admin:admin 
-X GET -H \"X-Requested-By: ambari\" 
'http://node1:8080/api/v1/clusters/metron_cluster/hosts/node1/host_components/NAMENODE'
 | python -c 'import sys, json; print 
json.load(sys.stdin)[\"HostRoles\"][\"actual_configs\"][\"core-site\"][\"default\"]'",
 "delta": "0:00:00.060271", "end": "2018-10-21 23:19:31.928568", "msg": 
"non-zero return code", "rc": 1, "start": "2018-10-21 23:19:31.868297", 
"stderr": "Traceback (most recent call last):\n  File \"\", line 1, in 
\nKeyError: 'core-site'", "stderr_lines": ["Traceback (most recent call 
last):", "  File \"\", line 1, in ", "KeyError: 'core-site'"], 
"stdout": "", "stdout_lines": []}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

Am I missing something?


---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
Hey @nickwallen , I am seeing an error at the `ambari_gather_facts : Ask 
Ambari: core_site_tag` step when trying to validate the fix. 

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and 
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` after 
which I am seeing the below error:
```

TASK [ambari_gather_facts : Ask Ambari: namenode_host] 
*
changed: [node1]

TASK [ambari_gather_facts : set_fact] 
**
ok: [node1]

TASK [ambari_gather_facts : Ask Ambari: core_site_tag] 
*
fatal: [node1]: FAILED! => {"changed": true, "cmd": "curl -s -u admin:admin 
-X GET -H \"X-Requested-By: ambari\" 
'http://node1:8080/api/v1/clusters/metron_cluster/hosts/node1/host_components/NAMENODE'
 | python -c 'import sys, json; print 
json.load(sys.stdin)[\"HostRoles\"][\"actual_configs\"][\"core-site\"][\"default\"]'",
 "delta": "0:00:00.060271", "end": "2018-10-21 23:19:31.928568", "msg": 
"non-zero return code", "rc": 1, "start": "2018-10-21 23:19:31.868297", 
"stderr": "Traceback (most recent call last):\n  File \"\", line 1, in 
\nKeyError: 'core-site'", "stderr_lines": ["Traceback (most recent call 
last):", "  File \"\", line 1, in ", "KeyError: 'core-site'"], 
"stdout": "", "stdout_lines": []}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

Am I missing something?


---

[GitHub] metron issue #1244: METRON-1839 Install Elasticsearch MPack Step in Ansible ...

2018-10-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1244
  
Hey @nickwallen , I am seeing an error at the `ambari_gather_facts : Ask 
Ambari: core_site_tag` step when trying to validate the fix. 

1. Re-created the problem first by:
a) Running `vagrant up`
b) Then attempting `vagrant provision` again
c) Noticed the following error:
```
TASK [ambari_master : Install Elasticsearch MPack on Ambari Host] 
**
fatal: [node1]: FAILED! => {"changed": true, "cmd": "ambari-server 
install-mpack --mpack=/tmp/elasticsearch_mpack-0.6.1.0.tar.gz", "delta": 
"0:00:00.433435", "end": "2018-10-21 18:12:29.939320", "msg": "non-zero return 
code", "rc": 255, "start": "2018-10-21 18:12:29.505885", "stderr": "", 
"stderr_lines": [], "stdout": "Using python  /usr/bin/python\nInstalling 
management pack\nERROR: Management pack elasticsearch-ambari.mpack-5.6.2 
already installed!\nERROR: Exiting with exit code -1. \nREASON: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "stdout_lines": ["Using 
python  /usr/bin/python", "Installing management pack", "ERROR: Management pack 
elasticsearch-ambari.mpack-5.6.2 already installed!", "ERROR: Exiting with exit 
code -1. ", "REASON: Management pack elasticsearch-ambari.mpack-5.6.2 already 
installed!"]}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

2. Destroyed the VM, applied the fix and 
a) Running `vagrant up`
b) Then ran `vagrant --ansible-skip-tags="build,sensors" provision` after 
which I am seeing the below error:
```

TASK [ambari_gather_facts : Ask Ambari: namenode_host] 
*
changed: [node1]

TASK [ambari_gather_facts : set_fact] 
**
ok: [node1]

TASK [ambari_gather_facts : Ask Ambari: core_site_tag] 
*
fatal: [node1]: FAILED! => {"changed": true, "cmd": "curl -s -u admin:admin 
-X GET -H \"X-Requested-By: ambari\" 
'http://node1:8080/api/v1/clusters/metron_cluster/hosts/node1/host_components/NAMENODE'
 | python -c 'import sys, json; print 
json.load(sys.stdin)[\"HostRoles\"][\"actual_configs\"][\"core-site\"][\"default\"]'",
 "delta": "0:00:00.060271", "end": "2018-10-21 23:19:31.928568", "msg": 
"non-zero return code", "rc": 1, "start": "2018-10-21 23:19:31.868297", 
"stderr": "Traceback (most recent call last):\n  File \"\", line 1, in 
\nKeyError: 'core-site'", "stderr_lines": ["Traceback (most recent call 
last):", "  File \"\", line 1, in ", "KeyError: 'core-site'"], 
"stdout": "", "stdout_lines": []}
to retry, use: --limit 
@/Users/asubramanian/Desktop/Metron/anand-metron-fork/metron-latest/metron/metron-deployment/development/centos6/ansible/playbook.retry
```

Am I missing something?


---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-10-05 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
Thanks @MohanDV !


---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-10-04 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
Cool, thanks for your opinion @nickwallen . I will wait for @MohanDV 's 
thoughts as well before merging.


---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-10-04 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
Thanks much @nickwallen for giving it another spin!

Hey @MohanDV , let me know if my below explanation makes sense. @nickwallen 
, would you have any thoughts on this?

> @MohanDV , as a part of my commit, I have moved all the UI related 
elements from REST to the PCAP config tab.
> 
> In my understanding, the following parameters are not directly related to 
the PCAP core service, but are functionally related to REST (used by the PCAP 
query panel UI):
> 
> * pdml.script.path
> * base.path
> * base.interim.result.path
> * final.output.path
> * page.size
> * yarn.queue
> * finalizer.threadpool.size
> 
> For this reason, I did not move these properties out of the 
rest_application.yml.
> 
> > @MohanDV Changing a REST Setting triggers Ambari to Restart PCAP 
Topology
> 
> With my current changes, modifying any config setting in the PCAP tab 
will require restarting both Metron PCAP and Metron REST services--which is 
necessary since user can change a PCAP-service related property or a PCAP-REST 
related property (or both). The converse, which you noted, i.e. changing any 
REST config does not require restarting the PCAP topology. Here's a screenshot 
after making changes to REST config...
> 
> 
![image](https://user-images.githubusercontent.com/20395490/46430735-8e6f0700-c767-11e8-8308-728771635480.png)




---

[GitHub] metron pull request #1207: METRON-1695: Expose pcap properties through Ambar...

2018-10-04 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1207#discussion_r222726135
  
--- Diff: 
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/status_params.py
 ---
@@ -119,8 +119,8 @@
 metron_keytab_path = 
config['configurations']['metron-env']['metron_service_keytab']
 
 # Pcap
-metron_pcap_topology = 'pcap'
-pcap_input_topic = 'pcap'
+metron_pcap_topology = 
config['configurations']['metron-pcap-env']['spout_kafka_topic_pcap']
--- End diff --

Done, changed.


---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-10-03 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
@nickwallen suggested a great idea of making use of parser aggregation and 
thus starting the default parsers on full-dev as an aggregated parser topology. 
The latest commit makes use of PR #1215 which provides that ability.

Now, on full-dev we start a single aggregated topology for the default 
configured sensors viz. "bro,snort,yaf".

## Testing Done
- Spun up full-dev and noticed that a single topology named 
`bro__snort__yaf` is started
- Verified Alerts UI has data from all three sensors:


![image](https://user-images.githubusercontent.com/20395490/46431349-33d6aa80-c769-11e8-8b6e-33940ef9b9eb.png)



---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-10-03 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
@MohanDV , as a part of my commit, I have moved all the UI related elements 
from REST to the PCAP config tab. 

In my understanding, the following parameters are not directly related to 
the PCAP core service, but are functionally related to REST (used by the PCAP 
query panel UI):
* pdml.script.path
* base.path
* base.interim.result.path
* final.output.path
* page.size
* yarn.queue
* finalizer.threadpool.size

For this reason, I did not move these properties out of the 
rest_application.yml. 

> @MohanDV Changing a REST Setting triggers Ambari to Restart PCAP Topology 

With my current changes, modifying any config setting in the PCAP tab will 
require restarting both Metron PCAP and Metron REST services--which is 
necessary since user can change a PCAP-service related property or a PCAP-REST 
related property (or both). The converse, which you noted, i.e. changing any 
REST config does not require restarting the PCAP topology. Here's a screenshot 
after making changes to REST config...


![image](https://user-images.githubusercontent.com/20395490/46430735-8e6f0700-c767-11e8-8308-728771635480.png)



---

[GitHub] metron issue #1215: METRON-1798: Add mpack support for parser aggregation

2018-10-03 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1215
  
Thanks again for the review, @nickwallen !


---

[GitHub] metron issue #1215: METRON-1798: Add mpack support for parser aggregation

2018-10-03 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1215
  
Re-run travis


---

[GitHub] metron pull request #1215: METRON-1798: Add mpack support for parser aggrega...

2018-10-03 Thread anandsubbu 
GitHub user anandsubbu reopened a pull request:

https://github.com/apache/metron/pull/1215

METRON-1798: Add mpack support for parser aggregation

## Contributor Comments
This pull request allows users to submit an aggregated parser topology.

## Testing Steps
1. Spin up full-dev. 
2. Stop the "Metron Parsers" service so that existing parser topologies are 
killed/stopped.
3. Go to Ambari -> Metron -> Configs -> Parsers
4. Change the "Metron Parsers" value as: "bro,snort", "yaf (For example)
5. Save changes and restart the Metron Parsers service.
6. Go to Storm UI, and verify that the aggregated topologies viz. 
"bro__snort" and "yaf" are started.

## Testing Done
### 1. Full Dev
* Set the Metron Parsers value as "bro,snort.yaf" and restarted the 
service. 
* A single aggregated topology is seen to be started:

![image](https://user-images.githubusercontent.com/20395490/46216724-dbb13a00-c35d-11e8-9651-b39d0766208f.png)

* Verified stop 'Metron Parsers' service to check that the aggregated 
topology is stopped properly
* Verified restart 'Metron Parsers' service to check that the aggregated 
topology is restarted properly

### 2. Multi-node setup
* Set the Metron Parsers value as: 
"bro,snort,yaf","bro,yaf","snort,yaf",yaf,snort
* The appropriate aggregated and single topologies are started:


![image](https://user-images.githubusercontent.com/20395490/46217047-84f83000-c35e-11e8-87e3-994b72d06cf3.png)

* Changed the parser list as: bro,snort,yaf
* Restarted the parsers service to validate that the three parser 
topologies are started individually.

![image](https://user-images.githubusercontent.com/20395490/46223825-0dcc9700-c372-11e8-9027-ad6ad1577f5f.png)


## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anandsubbu/incubator-metron METRON-1798

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/1215.patch

To close this pull requ

[GitHub] metron pull request #1215: METRON-1798: Add mpack support for parser aggrega...

2018-10-03 Thread anandsubbu 
Github user anandsubbu closed the pull request at:

https://github.com/apache/metron/pull/1215


---

[GitHub] metron issue #1215: METRON-1798: Add mpack support for parser aggregation

2018-10-03 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1215
  
Hi @nickwallen , thank you for the review.

> @nickwallen One thing I notice right off is that we did not add any 
documentation for the parsers fields in Ambari. Would it make sense to add a 
brief description to the pop-up text describing how a user can define parsers?

Sure, makes sense. I have also added a section to the Parser Chaining 
README as well with examples. Please have a look.

> @nickwallen: When switching parser topologies, some of the original 
parser topologies can fail to be shut down properly.
> I have found that the same issue occurs in master. Since that is the 
case, we could choose to tackle this as a separate ticket. It is your choice.

I created [METRON-1802](https://issues.apache.org/jira/browse/METRON-1802) 
so this can be fixed outside of this PR. 


---

[GitHub] metron issue #1215: METRON-1798: Add mpack support for parser aggregation

2018-09-28 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1215
  
Please note: I did not find the Parser Aggregation functionality documented 
under the Parser Chaining README, save a mention under the parser chaining [use 
case](https://github.com/apache/metron/tree/master/use-cases/parser_chaining#aggregated-parsers-with-parser-chaining).
 Please let me know if it makes sense to add this to the main parser chaining 
README, and I will add it.


---

[GitHub] metron pull request #1215: METRON-1798: Add mpack support for parser aggrega...

2018-09-28 Thread anandsubbu 
GitHub user anandsubbu opened a pull request:

https://github.com/apache/metron/pull/1215

METRON-1798: Add mpack support for parser aggregation

## Contributor Comments
This pull request allows users to submit an aggregated parser topology.

## Testing Steps
1. Spin up full-dev. 
2. Stop the "Metron Parsers" service so that existing parser topologies are 
killed/stopped.
3. Go to Ambari -> Metron -> Configs -> Parsers
4. Change the "Metron Parsers" value as: "bro,snort", "yaf (For example)
5. Save changes and restart the Metron Parsers service.
6. Go to Storm UI, and verify that the aggregated topologies viz. 
"bro__snort" and "yaf" are started.

## Testing Done
### 1. Full Dev
* Set the Metron Parsers value as "bro,snort.yaf" and restarted the 
service. 
* A single aggregated topology is seen to be started:

![image](https://user-images.githubusercontent.com/20395490/46216724-dbb13a00-c35d-11e8-9651-b39d0766208f.png)

* Verified stop 'Metron Parsers' service to check that the aggregated 
topology is stopped properly
* Verified restart 'Metron Parsers' service to check that the aggregated 
topology is restarted properly

### 2. Multi-node setup
* Set the Metron Parsers value as: 
"bro,snort,yaf","bro,yaf","snort,yaf",yaf,snort
* The appropriate aggregated and single topologies are started:


![image](https://user-images.githubusercontent.com/20395490/46217047-84f83000-c35e-11e8-87e3-994b72d06cf3.png)


## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [ ] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [ ] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [ ] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anandsubbu/incubator-metron METRON-1798

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/1215.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1215


commit 8aa7c77f9d99f987d2549f3f8eed3a72f09f8bb1
Author: Anand Subramanian 
Date:   2018-09-28T14:56:18Z

Support parser aggregation




---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-09-25 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
Latest commit modifies full dev to start only the bro parser topology by 
default. The PCAP topology now gets the worker slot which was freed up. Note 
that on a regular deploy, all of bro, snort and yaf topologies will be deployed 
by default. 

I am also looking for the issue @nickwallen mentioned about the PCAP 
topology appearing stopped. Nothing so far. Will continue to monitor.


---

[GitHub] metron issue #1207: METRON-1695: Expose pcap properties through Ambari

2018-09-24 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1207
  
One thing I am not sure is, whether the topology name i.e. 
`metron_pcap_topology` should be fetched from the config or should be hard 
coded to 'pcap'. I see that for the enrichment, profiler, indexing etc., we 
have  hardcoded the topology name and fetch the kafka topic from config. See 
[here](https://github.com/apache/metron/blob/master/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py#L329)
 for example. I would like opinions on whether we should follow the same 
convention here or should we fetch it from Ambari config.


---

[GitHub] metron pull request #1207: METRON-1695: Expose pcap properties through Ambar...

2018-09-24 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1207#discussion_r219736069
  
--- Diff: 
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
 ---
@@ -387,18 +388,32 @@
 bolt_hdfs_rotation_policy_units = 
config['configurations']['metron-indexing-env']['bolt_hdfs_rotation_policy_units']
 bolt_hdfs_rotation_policy_count = 
config['configurations']['metron-indexing-env']['bolt_hdfs_rotation_policy_count']
 
-# Pcap
+# PCAP
 metron_pcap_topology = 'pcap'
 pcap_input_topic = 'pcap'
--- End diff --

The latest commit fetches the topology and topic name from Ambari config.



---

[GitHub] metron pull request #1207: METRON-1695: Expose pcap properties through Ambar...

2018-09-21 Thread anandsubbu 
GitHub user anandsubbu opened a pull request:

https://github.com/apache/metron/pull/1207

METRON-1695: Expose pcap properties through Ambari

## Contributor Comments
This change makes the PCAP config properties available via the Metron 
service -> Configs tab in Ambari. It also takes care of updating the 
`pcap.properties` file with relevant values depending on the deploy environment 
(single node vs. multi node vs. kerberized cluster). 

Here's a screenshot of the PCAP Config:

![pcap-config-values](https://user-images.githubusercontent.com/20395490/45877981-21e62680-bdbd-11e8-902d-6d5a2a1bc239.png)

### Testing Steps
* Launch full dev
* Metron PCAP service should come up successfully.
* Go to Ambari -> Metron services -> Configs -> PCAP tab; change any config 
parameter; 
* Restart the required services and the config change take effect.

### Testing Done
I ran the following different tests to validate the fix.

 A. Full Dev
* Verified Metron PCAP service comes up successfully 
* Changed some of the PCAP config values from the Ambari UI, validated that 
this is reflected in the `pcap.properties` file upon service restart.
- **Note**: I ran into 
[METRON-1786](https://issues.apache.org/jira/browse/METRON-1786) during 
testing. I was able to resolve the issue by applying the fix in PR #1206 

 B. Multi-node Cluster
* Validated that the `kafka.zk` property in `pcap.properties` is updated 
with the correct Broker details
* Changed a PCAP service-related property (E.g. `kafka_pcap_numpackets`) 
and validated that the `pcap.properties` file is updated.
* Changed a PCAP REST-related property (E.g. `pcap_page_size`) and 
validated that the `/etc/default/metron` file is updated.

 C. Kerberized Cluster
* Kerberized the multi-node cluster and setup pycapa
* Ingested PCAP into the cluster
* Ran queries through the PCAP panel and validated that the modified config 
settings are in effect (E.g. `pcap_page_size` set to 50). 

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [NA] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anandsubbu/

[GitHub] metron issue #1206: METRON-1786: Pcap Topology Status Incorrect

2018-09-21 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1206
  
+1

Verified the fix on full dev. The topology status is seen to be fine after 
the fix. No errors in ambari agent log.


---

[GitHub] metron issue #1201: METRON-1709 : Added the required scripts to start / stop...

2018-09-20 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1201
  
Hi @nickwallen , I would like to create a fresh pull request based on these 
changes. Could you go ahead and merge this please ?


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-09-20 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
Hey @nickwallen ... Let me close this PR. Will create one afresh based on 
the latest changes from #1201 


---

[GitHub] metron pull request #1132: METRON-1695: Expose pcap properties through Ambar...

2018-09-20 Thread anandsubbu 
Github user anandsubbu closed the pull request at:

https://github.com/apache/metron/pull/1132


---

[GitHub] metron issue #1134: METRON-1696: Create the HDFS directory for pcap sequence...

2018-08-09 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1134
  
@mmiklavc - in my setup, I have seen that non-kerb requires storm:hadoop 
permissions, while kerberized needs metron:hadoop for PCAP to write into HDFS.


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-08-09 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
Sure @merrimanr , sounds good.

@MohanDV has already begun work on METRON-1709. I will wait for him to 
complete and then submit this pull request so it would be a natural fit.


---

[GitHub] metron issue #1134: METRON-1696: Create the HDFS directory for pcap sequence...

2018-08-08 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1134
  
> metron:metron did not allow pcap topology to write as the Storm user.
Yup @mmiklavc .. on a non-kerberized cluster, I faced the same issue.


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-08-08 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
This PR lays the foundation for exposing the properties to begin with. My 
thought was that it reduces one error prone manual step of hand-editing the 
`pcap.properties` file. I agree with your point about how users might be 
concerned about restarting all parsers after modifying PCAP config. 

I did not create this earlier under the feature branch since this was not 
related specifically to the PCAP query panel, it was a more generic change.

I am fine to move this under the feature branch or I could wait until the 
fix for METRON-1709 (making the PCAP service its own) is available and then 
submit a fresh PR. Let me know which one works better.


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-08-02 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
Yup, @mmiklavc I see what you are saying. Make sense to me. Let me know if 
the latest README update conveys the message. 

I also added a fix to prompt a service restart upon changes to the PCAP 
config settings. Thanks @MohanDV for the pointer!


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-08-01 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
Btw, I created 
[METRON-1719](https://issues.apache.org/jira/browse/METRON-1719) to track PCAP 
sensor being an independent service entity.


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-08-01 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
> Please document the lifecycle for how pcap.properties is updated in the 
README. It should be clear  to users that they will need to restart parsers for 
the changes to take effect after the initial install is performed. Can you 
confirm, is that the way the properties are/will be deployed with this PR 
@anandsubbu?

Hi @mmiklavc - there is no change in behavior from earlier to now. Nothing 
changes from a usage perspective. Let me clarify more with an example for a 
multi-node deployment...

**Earlier**
* User deploys metron
* `pcap.properties` file created with defaults under `$METRON_HOME/config`
* User hand edits the properties file (sets ZK quorum and other parameters 
as required)
* Starts the topology per the instructions 
[here](https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#starting-the-topology).

**Now**
* During deploy time, user is presented with a separate config tab in 
Ambari to configure/reconfigure PCAP properties. If user chooses to leave them 
untouched, the pcap.properties is initialized with appropriate defaults. ZK 
quorum is auto-populated as well.
* `pcap.properties` file is created during metron-parsers startup step.
* Starts the topology per the instructions 
[here](https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#starting-the-topology).

The steps in the 
[README](https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend)
 still holds. 

Now, we can add a note in the README to indicate that the PCAP properties 
can be configured via the 'PCAP' tab in Ambari Metron config. But I noticed 
this was not explicitly mentioned for other components (e.g. 
[REST](https://github.com/apache/metron/tree/master/metron-interface/metron-rest#configuration),
 
[elasticsearch](https://github.com/apache/metron/tree/master/metron-platform/metron-elasticsearch#properties)).
 Let me know if you prefer to have this added.


---

[GitHub] metron issue #1132: METRON-1695: Expose pcap properties through Ambari

2018-08-01 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1132
  
@mmiklavc thanks for the review. I concur with your observations. PCAP 
topology does deserve its own place in Ambari and the Management UI. 

As far as the scope of this PR goes, this IMHO, would be a first cut 
towards it. This PR addresses the immediate need for exposing the parameters in 
`pcap.properties` via Ambari. It also addresses auto-populating the ZK quorum 
in `pcap.properties` thus simplifying the manual steps that would be otherwise 
required in a multi-node deployment. 

Would you be okay if we create a separate JIRA to cover the broader change? 
Let me know your thoughts.


---

[GitHub] metron pull request #1132: METRON-1695: Expose pcap properties through Ambar...

2018-07-25 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1132#discussion_r205241710
  
--- Diff: 
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-pcap-env.xml
 ---
@@ -0,0 +1,141 @@
+
+
+
+
+
+pcap_topology_worker_childopts
+PCAP Topology JVM Options
+
+PCAP Topology childopts
+
+true
+
+
+
+pcap_topology_workers
+Number of PCAP Topology Workers
+1
+Workers for PCAP Topology
+
+
+spout_kafka_topic_pcap
+PCAP Input Topic
+pcap
+PCAP Input Topic
+
+
+hdfs_sync_every
--- End diff --

The PCAP [config 
readme](https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#configuration)
 does not talk more about the units for this parameter (whether seconds, or 
minutes or something else). I looked through the code as well, but was not able 
to find more info. If someone could clarify about this, I can add the units so 
it is clearer.


---

[GitHub] metron pull request #1132: METRON-1695: Expose pcap properties through Ambar...

2018-07-25 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1132#discussion_r205237418
  
--- Diff: 
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/parser_master.py
 ---
@@ -54,6 +57,12 @@ def configure(self, env, upgrade_type=None, 
config_dir=None):
 commands.init_kafka_acls()
 commands.set_acl_configured()
 
+File(format("{metron_config_path}/pcap.properties"),
--- End diff --

I had earlier place this under the [indexing_master.py 
](https://github.com/apache/metron/blob/master/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/indexing_master.py#L62)script,
 but felt that it is more related to parser than with indexing. I am happy to 
move this block to any other place that is deemed fit.


---

[GitHub] metron pull request #1132: METRON-1695: Expose pcap properties through Ambar...

2018-07-25 Thread anandsubbu 
GitHub user anandsubbu opened a pull request:

https://github.com/apache/metron/pull/1132

METRON-1695: Expose pcap properties through Ambari

## Contributor Comments
This change add a new jinja template for the pcap properties and adds a new 
tab in Ambari Metron config for the PCAP properties. Here are the screenshots:
https://user-images.githubusercontent.com/20395490/43222746-a9e0026c-906e-11e8-9353-0ea34dbb4224.png;>
https://user-images.githubusercontent.com/20395490/43222747-aa1ba704-906e-11e8-82e8-71d4a9731aba.png;>

*Testing Done*
Built mpack out of these changes, deployed a multi-node cluster and 
validated that the pcap.properties is being updated during Parser startup 
scripts per the screenshot below:
https://user-images.githubusercontent.com/20395490/43222878-fe5fcc50-906e-11e8-80a7-45c73e173638.png;>

Also validated that the pcap properties is updated with config changes (ZK 
quorum, kafka broker etc.)
```
[root@metron-12 config]# cat pcap.properties

# Storm #
topology.worker.childopts=
topology.auto-credentials=[]
topology.workers=1

# Kafka #
spout.kafka.topic.pcap=pcap
kafka.zk=metron-10:2181,metron-11:2181,metron-1:2181
hdfs.sync.every=1
hdfs.replication.factor=--1
kafka.security.protocol=PLAINTEXT

# One of EARLIEST, LATEST, UNCOMMITTED_EARLIEST, UNCOMMITTED_LATEST
kafka.pcap.start=UNCOMMITTED_EARLIEST

kafka.pcap.numPackets=1000
kafka.pcap.maxTimeMS=30
kafka.pcap.ts_scheme=FROM_KEY
kafka.pcap.out=/apps/metron/pcap/input

# Parallelism #
kafka.pcap.ts_granularity=MICROSECONDS
kafka.spout.parallelism=1
```
*Verification Steps*
* Spin up full dev (or a multi-node cluster)
* Ensure that the PCAP tab in Ambari config allows for values to be entered.
* Deploy cluster and validate that $METRON_HOME/config/pcap.properties file 
has the proper config values set.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [ ] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anandsubbu/incubator-metron METRON-1695

Alternatively you can review and apply these changes

[GitHub] metron issue #1039: METRON-1588 Migrate storm-kafka-client to 1.2.1

2018-06-08 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1039
  
I ran a few performance tests comparing ver 1.1.0 and 1.2.1 on the 
enrichment topology using the 
[load_tool](https://github.com/apache/metron/blob/master/metron-contrib/metron-performance/README.md).
 The EPS numbers for 1.2.1 are seen to be on-par or better than 1.1.0. However, 
I noticed that the Avg CPU usage is higher on 1.2.1 (about 70%) as compared to 
1.1.0 (about 40%). 


---

[GitHub] metron issue #526: Metron-846: Add E2E tests for metron management ui

2018-05-14 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/526
  
I am testing and updating this PR to get it to work on latest master. 


---

[GitHub] metron pull request #1004: METRON-1489: Retrofit UI tests to run reliably du...

2018-04-29 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1004#discussion_r184889297
  
--- Diff: metron-interface/metron-alerts/protractor.conf.js ---
@@ -32,12 +33,13 @@ exports.config = {
 './e2e/alerts-list/tree-view/tree-view.e2e-spec.ts',
 './e2e/alerts-list/alert-filters/alert-filters.e2e-spec.ts',
 './e2e/alerts-list/alert-status/alerts-list-status.e2e-spec.ts',
-'./e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts',
+// 
'./e2e/alert-details/alert-status/alert-details-status.e2e-spec.ts', //This 
will not work
 './e2e/alerts-list/meta-alerts/meta-alert.e2e-spec.ts'
   ],
   capabilities: {
 'browserName': 'chrome',
 'chromeOptions': {
+  args: ["--disable-gpu", "--window-size=1435,850" ],
--- End diff --

`-headless` can be included here to default to headless execution.


---

[GitHub] metron issue #1004: METRON-1489: Retrofit UI tests to run reliably during ni...

2018-04-29 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/1004
  
@nickwallen , in order to get past the following error you are seeing..
```

[13:44:09] E/launcher - All configured authentication methods failed
[13:44:09] E/launcher - Error: All configured authentication methods failed
at tryNextAuth 
(/Users/nallen/tmp/metron-pr1004/metron-interface/metron-alerts/node_modules/ssh2/lib/client.js:380:17)
at SSH2Stream.onUSERAUTH_FAILURE 
(/Users/nallen/tmp/metron-pr1004/metron-interface/metron-alerts/node_modules/ssh2/lib/client.js:591:5)
at SSH2Stream.emit (events.js:160:13)
at parsePacket 
(/Users/nallen/tmp/metron-pr1004/metron-interface/metron-alerts/node_modules/ssh2-streams/lib/ssh.js:3929:10)
at SSH2Stream._transform 
(/Users/nallen/tmp/metron-pr1004/metron-interface/metron-alerts/node_modules/ssh2-streams/lib/ssh.js:669:13)
at SSH2Stream.Transform._read (_stream_transform.js:185:10)
at SSH2Stream._read 
(/Users/nallen/tmp/metron-pr1004/metron-interface/metron-alerts/node_modules/ssh2-streams/lib/ssh.js:251:15)
at SSH2Stream.Transform._write (_stream_transform.js:173:12)
at doWrite (_stream_writable.js:407:12)
at writeOrBuffer (_stream_writable.js:393:5)
[13:44:09] E/launcher - Process exited with error code 199

```
The error you are seeing is because of the ssh2 module which authenticates 
to the vagrant node to do cleanup tasks. This needs to be fixed.

As a workaround, you can do the following in 
(metron-interface/metron-alerts/e2e/utils/clean_metron_update_table.ts) i.e. 
https://github.com/apache/metron/pull/1004/files#diff-2cc98b255ddf3a954ad22dfa2b5545fb

```
+resolve();
+//cleanupTable(resolve, reject);
```
i.e. you need to uncomment the `resolve()` function and comment out ` 
cleanupTable()`. 


---

[GitHub] metron pull request #1004: METRON-1489: Retrofit UI tests to run reliably du...

2018-04-29 Thread anandsubbu 
Github user anandsubbu commented on a diff in the pull request:

https://github.com/apache/metron/pull/1004#discussion_r184888777
  
--- Diff: 
metron-interface/metron-alerts/e2e/utils/clean_metron_update_table.ts ---
@@ -0,0 +1,52 @@
+declare var Promise: any;
+var chalk = require('chalk');
+var Client = require('ssh2').Client;
+var errorMsg = '';
+
+export function cleanMetronUpdateTable() {
+  return  new Promise(
+  function (resolve, reject) {
+// resolve();
+cleanupTable(resolve, reject);
--- End diff --

IMHO, it would be better to default to `resolve()` only owing to the issues 
with Vagrant `ssh2` client. 


---

[GitHub] metron pull request #981: METRON-1510: Update Metron website to include info...

2018-04-04 Thread anandsubbu 
GitHub user anandsubbu opened a pull request:

https://github.com/apache/metron/pull/981

METRON-1510: Update Metron website to include info about github update 
subscription


## Contributor Comments
Update to include links for the 'Issues' mailing list. Have also changed 
Archives links to point to lists.apache.org, which has a better viewing than 
the earlier one. 

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [ ] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
  ```

- [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anandsubbu/incubator-metron METRON-1510

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/981.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #981


commit e2889419a7fafe5b637fd6d49e829061c009b62c
Author: Anand Subramanian <asubramanian@...>
Date:   2018-04-05T04:59:37Z

Added links to Issues. Also changed Archives to point to lists.apache.org 
which has better look and feel.




---

[GitHub] metron issue #943: METRON-1462: Separate ES and Kibana from Metron Mpack

2018-04-04 Thread anandsubbu 
Github user anandsubbu commented on the issue:

https://github.com/apache/metron/pull/943
  
My +1 still holds. Installed both mpacks on a 12-node cluster and was able 
to get bro indices to work successfully. Thanks @mmiklavc !


---