[GitHub] metron issue #620: Metron-988: UI for viewing alerts generated by Metron

Github user mraliagha commented on the issue: https://github.com/apache/metron/pull/620 @iraghumitra You're welcome. As a load balancer. For Elasticsearch client, if you provide a list of endpoints, it acts as a load balancer to make sure one of them will not get

[GitHub] metron pull request #623: METRON-1003 ParserUtil parses dates incorrect

Github user bjigmp commented on a diff in the pull request: https://github.com/apache/metron/pull/623#discussion_r127359171 --- Diff: metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/utils/ParserUtils.java --- @@ -55,7 +55,7 @@ public static Long

[GitHub] metron pull request #655: Profiler Should be Less Dramatic When Missing Conf...

GitHub user nickwallen opened a pull request: https://github.com/apache/metron/pull/655 Profiler Should be Less Dramatic When Missing Configuration When the Profiler topology is running, but no Profiler definition is found in Zookeeper, the Profiler will now just calmly log a

[GitHub] metron issue #642: METRON-984 Stellar functions to decode encoded fields or ...

Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/642 Ok @cestella , I used the Stellar management functions : ```bash [Stellar]>>> bro_parser_config:= CONFIG_GET('PARSER','bro') [Stellar]>>> PARSER_STELLAR_TRANSFORM_PRINT(

[GitHub] metron issue #642: METRON-984 Stellar functions to decode encoded fields or ...

Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/642 And they do get returned from the rest api stellar controller --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127331446 --- Diff: metron-analytics/metron-profiler-client/src/main/java/org/apache/metron/profiler/client/stellar/RowKeyBuilderFactory.java --- @@ -0,0 +1,125

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127326080 --- Diff: metron-analytics/metron-profiler-client/src/main/java/org/apache/metron/profiler/client/stellar/RowKeyBuilderFactory.java --- @@ -0,0 +1,125

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127329675 --- Diff: metron-analytics/metron-profiler-common/src/main/java/org/apache/metron/profiler/hbase/SaltyRowKeyBuilder.java --- @@ -44,7 +46,17 @@ *

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127326600 --- Diff: metron-analytics/metron-profiler-client/src/main/java/org/apache/metron/profiler/client/stellar/RowKeyBuilderFactory.java --- @@ -0,0 +1,125

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127325245 --- Diff: metron-analytics/metron-profiler-client/src/main/java/org/apache/metron/profiler/client/stellar/RowKeyBuilderFactory.java --- @@ -0,0 +1,125

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127330773 --- Diff: metron-analytics/metron-profiler-common/src/main/java/org/apache/metron/profiler/hbase/DecodableRowKeyBuilder.java --- @@ -0,0 +1,382 @@

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127329289 --- Diff: metron-analytics/metron-profiler-client/src/main/java/org/apache/metron/profiler/client/stellar/RowKeyBuilderFactory.java --- @@ -0,0 +1,125

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127328660 --- Diff: metron-analytics/metron-profiler-client/src/main/java/org/apache/metron/profiler/client/stellar/GetProfile.java --- @@ -216,21 +211,7 @@

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127329548 --- Diff: metron-analytics/metron-profiler-common/src/main/java/org/apache/metron/profiler/hbase/DecodableRowKeyBuilder.java --- @@ -0,0 +1,382 @@

[GitHub] metron pull request #622: METRON-1005 Create Decodable Row Key for Profiler

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/622#discussion_r127327126 --- Diff: metron-analytics/metron-profiler/src/main/flux/profiler/remote.yaml --- @@ -29,7 +29,7 @@ components: - name: "saltDivisor"

[GitHub] metron issue #642: METRON-984 Stellar functions to decode encoded fields or ...

Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/642 @cestella, I don't see my functions listed in the config ui, but they are in the shell. That doesn't seem right? --- If your project is set up for it, you can reply to this email and have

[GitHub] metron issue #652: METRON-1039: Add ZIP function to Stellar

Github user jjmeyer0 commented on the issue: https://github.com/apache/metron/pull/652 @cestella I was wondering what you think about having a zip function that we could pass a lambda to. It could potentially be nicer to read than combining a `ZIP` with a `REDUCE`. ```

[GitHub] metron pull request #653: METRON-1040 Create Installation Instructions for t...

Github user asfgit closed the pull request at: https://github.com/apache/metron/pull/653 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is

[GitHub] metron issue #653: METRON-1040 Create Installation Instructions for the Prof...

Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/653 I have been able to follow these steps successfully in Full Dev environment. Looking good to me. --- If your project is set up for it, you can reply to this email and have your reply appear on

[GitHub] metron issue #481: METRON-322 Global Batching and Flushing

Github user mattf-horton commented on the issue: https://github.com/apache/metron/pull/481 Before committing, I'm going to retest to make sure I'm not missing the problems @ottobackwards saw. @dlyle65535 , also interested in your feedback if you have time. --- If your project is

[GitHub] metron issue #623: METRON-1003 ParserUtil parses dates incorrect

Github user justinleet commented on the issue: https://github.com/apache/metron/pull/623 @bjigmp I'm fine with doing that later. If you add the comment I asked for (honestly mostly because I personally had no idea what that method expected until I looked at the method more) I'm +1,

Re: [DISCUSS] Relocate Docker

I agree to moving it to a contrib or contrib-like area. Jon On Thu, Jul 13, 2017 at 12:38 PM Kyle Richardson wrote: > I completely support the idea of moving metron-docker down in the tree. I > do like the idea of a contrib/ area for things like this that are not as

Re: [DISCUSS] Relocate Docker

I could be convinced to get onboard with a contrib (or metron-contrib to follow convention?) top-level directory. My only concern is that it might become a dumping ground of random stuff. Maybe that concern is not warranted. On Thu, Jul 13, 2017 at 12:38 PM, Kyle Richardson

[GitHub] metron issue #623: METRON-1003 ParserUtil parses dates incorrect

Github user bjigmp commented on the issue: https://github.com/apache/metron/pull/623 @justinleet I absolutely agree with you that this method must be rewritten and probably moved to FireEye. But my plan was to fix it/write unit test and then refactor it. --- If your project is

[GitHub] metron issue #651: METRON-1037 Added POWER function

Github user mattf-horton commented on the issue: https://github.com/apache/metron/pull/651 Har, I give up. POWER it is. I agree would be good to use @cestella 's new framework, and see above review comments. --- If your project is set up for it, you can reply to this email and

[GitHub] metron pull request #651: METRON-1037 Added POWER function

Github user mattf-horton commented on a diff in the pull request: https://github.com/apache/metron/pull/651#discussion_r127277799 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -60,4 +60,38 @@ public boolean

[GitHub] metron pull request #651: METRON-1037 Added POWER function

Github user mattf-horton commented on a diff in the pull request: https://github.com/apache/metron/pull/651#discussion_r127279766 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/MathFunctionsTest.java --- @@ -44,4 +44,16 @@ public

[GitHub] metron pull request #651: METRON-1037 Added POWER function

Github user mattf-horton commented on a diff in the pull request: https://github.com/apache/metron/pull/651#discussion_r127279153 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/MathFunctionsTest.java --- @@ -44,4 +44,16 @@ public

[GitHub] metron pull request #651: METRON-1037 Added POWER function

Github user mattf-horton commented on a diff in the pull request: https://github.com/apache/metron/pull/651#discussion_r127277470 --- Diff: metron-stellar/stellar-common/README.md --- @@ -518,6 +519,13 @@ In the core language functions, we support basic functional programming

[GitHub] metron issue #642: METRON-984 Stellar functions to decode encoded fields or ...

Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/642 Will do --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if

[GitHub] metron issue #651: METRON-1037 Added POWER function

Github user cestella commented on the issue: https://github.com/apache/metron/pull/651 @mattf-horton Actually, `**` and `math.exp()` are different; the first being an arbitrary power function and the later presuming that we're taking a power of `e` (i.e. `e**x == exp(x)` ). I did

[GitHub] metron issue #653: METRON-1040 Create Installation Instructions for the Prof...

Github user cestella commented on the issue: https://github.com/apache/metron/pull/653 Exactly --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the

[GitHub] metron issue #653: METRON-1040 Create Installation Instructions for the Prof...

Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/653 Ah, sure. Creating the HBase table is described in the "Getting Started" section, but that does seem to make more sense under "Installation" now. Will do. Thanks --- If your project is set up

[GitHub] metron issue #653: METRON-1040 Create Installation Instructions for the Prof...

Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/653 Oh, like adjust the following in `profiler.properties`? ``` ... kafka.zk=node1:2181 kafka.broker=node1:6667 ``` --- If your project is set up for it, you can reply to

[GitHub] metron issue #651: METRON-1037 Added POWER function

Github user mattf-horton commented on the issue: https://github.com/apache/metron/pull/651 @simonellistonball , you're right, '**' would have been far more appropriate given what most languages do. And I find your argument convincing that the function form will be more familiar to

[GitHub] metron issue #653: METRON-1040 Create Installation Instructions for the Prof...

Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/653 @cestella I am not following. Can you describe that a little more? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project

[GitHub] metron issue #653: METRON-1040 Create Installation Instructions for the Prof...

Github user cestella commented on the issue: https://github.com/apache/metron/pull/653 Cool, can we get a blurb about adjusting configs to conform to your system, etc. at the end of this? If so, I'm +1. --- If your project is set up for it, you can reply to this email and have your

[GitHub] metron issue #636: METRON-1022: Elasticsearch REST endpoint

Github user cestella commented on the issue: https://github.com/apache/metron/pull/636 Bear with me, @merrimanr, I am going to submit a PR with the DAO abstraction I was talking about so we can hash it out. I started it in collaboration with @justinleet to ensure the ideas in the

[GitHub] metron issue #651: METRON-1037 Added POWER function

Github user simonellistonball commented on the issue: https://github.com/apache/metron/pull/651 Yes, I think I'll just refactor this around #650 when that's committed to keep the workflow simple. --- If your project is set up for it, you can reply to this email and have your reply

[GitHub] metron pull request #651: METRON-1037 Added POWER function

Github user simonellistonball closed the pull request at: https://github.com/apache/metron/pull/651 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the

[GitHub] metron issue #649: METRON-1035 Added SUM to the rules triage aggregation doc...

Github user cestella commented on the issue: https://github.com/apache/metron/pull/649 +1 by inspection, nice work --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and

Re: [DISCUSS] Relocate Docker

I completely support the idea of moving metron-docker down in the tree. I do like the idea of a contrib/ area for things like this that are not as frequently updated or maintained. Are there any other pieces of the code base that would fit into this type of area? -Kyle On Thu, Jul 13, 2017 at

Re: [DISCUSS] Relocate Docker

On 2017-07-13 09:04, Nick Allen wrote: Having metron-docker at the top-level of the project seems to catch the attention of new users. Some then start using metron-docker to explore/try-out/demo Metron. The metron-docker code that we have is not well-suited for this purpose. It is only really

[GitHub] metron issue #651: METRON-1037 Added POWER function

Github user simonellistonball commented on the issue: https://github.com/apache/metron/pull/651 I get the point @mattf-horton and thought about it, but went this way for familiarity's sake, a lot of the likely authors of stellar statements are security analysts who will be more

[GitHub] metron pull request #651: METRON-1037 Added POWER function

Github user cestella commented on a diff in the pull request: https://github.com/apache/metron/pull/651#discussion_r127263511 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -60,4 +60,38 @@ public boolean

[GitHub] metron issue #650: METRON-1038: Stellar should have a better collection of b...

Github user cestella commented on the issue: https://github.com/apache/metron/pull/650 Ok, I broke this abstraction out a bit and made it easier to add non-single-arg functions (a la POW, which is a separate PR by @simonellistonball ). I also went ahead and added `ROUND` and `EXP`.

[GitHub] metron issue #651: METRON-1037 Added POWER function

Github user mattf-horton commented on the issue: https://github.com/apache/metron/pull/651 I would rather see this implemented as a `^` math operator rather than a function, even though Java doesn't. Opinions? --- If your project is set up for it, you can reply to this email and

Re: [DISCUSS] Relocate Docker

I think that if it is not a ‘build breaking dependency’ it should be in a /contrib area and not in deployment. On July 13, 2017 at 12:05:00, Nick Allen (n...@nickallen.org) wrote: Having metron-docker at the top-level of the project seems to catch the attention of new users. Some then start

[DISCUSS] Relocate Docker

Having metron-docker at the top-level of the project seems to catch the attention of new users. Some then start using metron-docker to explore/try-out/demo Metron. The metron-docker code that we have is not well-suited for this purpose. It is only really useful for development. It is not

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user cestella commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127247191 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/FunctionalFunctionsTest.java --- @@ -24,13 +24,124 @@

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127245708 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/FunctionalFunctionsTest.java --- @@ -24,13 +24,124 @@

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127245624 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/FunctionalFunctionsTest.java --- @@ -24,13 +24,124 @@

[GitHub] metron pull request #650: METRON-1038: Stellar should have a better collecti...

Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/650#discussion_r127245372 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -25,17 +25,39 @@ import

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user simonellistonball commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127244811 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/FunctionalFunctionsTest.java --- @@ -24,13 +24,124

[GitHub] metron pull request #650: METRON-1038: Stellar should have a better collecti...

Github user cestella commented on a diff in the pull request: https://github.com/apache/metron/pull/650#discussion_r127242712 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -25,17 +25,39 @@ import

[GitHub] metron pull request #650: METRON-1038: Stellar should have a better collecti...

Github user cestella commented on a diff in the pull request: https://github.com/apache/metron/pull/650#discussion_r127242100 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -25,17 +25,39 @@ import

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user simonellistonball commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127239254 --- Diff: metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/FunctionalFunctionsTest.java --- @@ -24,13 +24,124

[GitHub] metron issue #652: METRON-1039: Add ZIP function to Stellar

Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/652 Do we have good unit tests for the function's behavior with empty lists, nulls and other boundary conditions? --- If your project is set up for it, you can reply to this email and have your

[GitHub] metron pull request #653: METRON-1040 Create Installation Instructions for t...

GitHub user nickwallen opened a pull request: https://github.com/apache/metron/pull/653 METRON-1040 Create Installation Instructions for the Profiler Created additional instructions for installing the Profiler. ## Pull Request Checklist - [ ] Is there a JIRA ticket

[GitHub] metron issue #652: METRON-1039: Add ZIP function to Stellar

Github user ottobackwards commented on the issue: https://github.com/apache/metron/pull/652 +1 - built + test travis style, ran stellar cli. Nice work @cestella --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user simonellistonball commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127231248 --- Diff: metron-stellar/stellar-common/README.md --- @@ -711,6 +713,18 @@ In the core language functions, we support basic functional programming

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127230597 --- Diff: metron-stellar/stellar-common/README.md --- @@ -711,6 +713,18 @@ In the core language functions, we support basic functional programming

[GitHub] metron pull request #652: METRON-1039: Add ZIP function to Stellar

Github user cestella commented on a diff in the pull request: https://github.com/apache/metron/pull/652#discussion_r127227967 --- Diff: metron-stellar/stellar-common/README.md --- @@ -711,6 +713,18 @@ In the core language functions, we support basic functional programming primitiv

[GitHub] metron pull request #650: METRON-1038: Stellar should have a better collecti...

Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/650#discussion_r127220715 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -25,17 +25,39 @@ import

[GitHub] metron pull request #650: METRON-1038: Stellar should have a better collecti...

Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/650#discussion_r127220966 --- Diff: metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/MathFunctions.java --- @@ -25,17 +25,39 @@ import

[GitHub] metron pull request #520: METRON-833: Update MaaS documentation to explain h...

Github user asfgit closed the pull request at: https://github.com/apache/metron/pull/520 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is

[GitHub] metron pull request #648: METRON-1033 Corrected profiler docs units on expir...

Github user asfgit closed the pull request at: https://github.com/apache/metron/pull/648 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is

[GitHub] metron issue #648: METRON-1033 Corrected profiler docs units on expires fiel...

Github user nickwallen commented on the issue: https://github.com/apache/metron/pull/648 +1 Thanks for the fix, Simon --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and

[GitHub] metron issue #620: Metron-988: UI for viewing alerts generated by Metron

Github user iraghumitra commented on the issue: https://github.com/apache/metron/pull/620 @mraliagha Glad, it worked and thanks for persisting with the issue. As for supporting multiple Elasticsearch urls. Are you looking for a load balancer between two ES that has the same

[GitHub] metron pull request #651: METRON-1037 Added POWER function

GitHub user simonellistonball opened a pull request: https://github.com/apache/metron/pull/651 METRON-1037 Added POWER function ## Contributor Comments This is a quick addition to the Math functions. It may be worth revising following the work @cestella did this morning to

[GitHub] metron pull request #650: METRON-1038: Stellar should have a better collecti...

GitHub user cestella opened a pull request: https://github.com/apache/metron/pull/650 METRON-1038: Stellar should have a better collection of basic math operations ## Contributor Comments At the moment the math functions are woefully incomplete. We should add at least the

[GitHub] metron issue #620: Metron-988: UI for viewing alerts generated by Metron

Github user iraghumitra commented on the issue: https://github.com/apache/metron/pull/620 @mraliagha I can get them from ES as I mentioned in my earlier comments, there was a bug in the code that was displaying only the fields names from bro indexes. It is fixed in this