Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
Great. This is good to go. Going to merge now.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
+1 nice work @iraghumitra
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/620
+1
Github user simonellistonball commented on the issue:
https://github.com/apache/metron/pull/620
+1 I'm good with this. My one niggle will be dealt with by other follow on
issues.
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/620
+1 by inspection, great job @iraghumitra
Github user BlackHatJohnDoe commented on the issue:
https://github.com/apache/metron/pull/620
My request was implemented but other than that, I didn't test this
comprehensively enough to vote on it. I will hold my peace (and excitement)
for this PR =)
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
+1 This looks great, Raghu! Nice work. I look forward to getting this
large contribution merged in.
Before we merge, let's try to get a nod from everyone else who chimed in on
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra Thanks for clarifying the licensing issue. LGTM
@ottobackwards An automated license check for NPM packages would be a nice
addition. Probably a good follow-on.
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@nickwallen metron-alerts package.json already mentions that it is Apache
2.0 licensed. The license-checker tool reports the license of private repos as
'UNLICENSED' hence the issue. You can
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/620
These lic. check commands need to make their way into the build, like we
do with the java stuff.
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
If we just focus on the production dependencies, which AFAIK is all we need
to worry about, then I think the licenses are not a problem.
```
$ license-checker --production | grep
```
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@nickwallen The e2e tests are working fine. I checked them again; you need to
do the below two steps in two consoles.
```
metron-interface/metron-alerts » ./scripts/start-server-for-e2e.sh
```
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha The rest interface for retrieving elastic data is on the way I
would suggest we should handle it over there. If you have any simpler way to
accomplish it in UI plz feel free to
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra Have you found any way to manage multiple Elasticsearch
endpoints for load-balancing?
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra I really like what you've done. There is a ton of
functionality here and it works great. I did not find any functional problems
beyond what you've already called out. I think we
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
Ran a license check on all dependencies, including transitive.
```
$ npm install -g license-checker
$ cd metron-interface/metron-alerts
$ license-checker | grep licenses | sort | uniq
```
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
It seems the end-to-end tests are failing for me. This is what I did to
run them. The README is not totally clear to me on how these should be run.
1. `cd
Github user BlackHatJohnDoe commented on the issue:
https://github.com/apache/metron/pull/620
When doing an `npm install` I got:
```
node-pre-gyp info check checked for
```
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
Thanks @iraghumitra . That fixed the build. Will continue taking a look
at it.
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@nickwallen I fixed the build issue. Looks like the package-lock.json
didn't do its job. I will check it.
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
@BlackHatJohnDoe Thanks.
Would you be able to run the following and share the output? I'd like to
compare what I have on a Mac versus what is working for you.
```
cd
```
Github user BlackHatJohnDoe commented on the issue:
https://github.com/apache/metron/pull/620
@nickwallen I had similar issues on my macOS system but when I went to
CentOS it worked as is just fine. I didn't go back and revisit - some brief
research showed some versioning issues
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/620
Did anything else change around dependencies that need installed? I cannot
get the `metron-alerts` project to build. The only reference I see is Node >
7.8.
```
$ mvn clean install
```
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra You're welcome.
As a load balancer. For Elasticsearch client, if you provide a list of
endpoints, it acts as a load balancer to make sure one of them will not get
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha Glad, it worked and thanks for persisting with the issue.
As for supporting multiple Elasticsearch urls. Are you looking for a load
balancer between two ES that has the same
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha I can get them from ES as I mentioned in my earlier comments;
there was a bug in the code that was displaying only the field names from bro
indexes. It is fixed in this
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra We are using ASA and CEF parsers. Can't you get the field
names dynamically from Elasticsearch?
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra I've tested your latest commit and it is much better now.
However, I cannot see all the fields in the customise visible fields panel.
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra I am going to test your latest code to make sure the mentioned
issues haven't been resolved yet. I was using an older version of your build,
so it might be outdated.
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
I just added some comments related to abstracting the search service. Much
improved with the latest commits. I think we're almost there.
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha
- For 1 can you check with the latest code base. I am unable to simulate
this.
- For 2 I am slightly confused here. I wanted to know the result of the
GET rest call`
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha added the fix suggested in "Retrieves all fields related to
events". For rest of the issues, I am happy to work on them if you can help me
with the data I need.
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha
- Do you see a play icon on the UI or a pause icon? Also, can you share the
refresh interval that is set? You can click on the sliders icon before the
play/pause button to see this
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
@iraghumitra I cannot see any error in JS console, except the following
warning which I don't think is really important.
Angular is running in the development mode. Call enableProdMode() to
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@mraliagha Can you send me the screenshots for the below two issues? Also,
are you seeing any errors in the JS console?
- The play/pause button doesn't work properly and creates an infinite
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/620
Hi,
There are a few issues that we have faced during our testing. However, I am
not sure whether they have been fixed already or not. I am just going to note them.
- The play/pause button
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@cestella & @merrimanr I have abstracted all the API calls to
data-source.ts this should simplify plugging in any API provider.
@merrimanr plz let me know if search api looks better in
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@merrimanr QueryBuilder is thought of as a model rather than a utils class; the
fields with '_' are used for display purposes and are not required to be
persisted. I will take another pass to see if
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@merrimanr Sounds good, I will map the fields as they are today. Can you
take another pass at it and let me know if it looks good?
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
Here's an idea to get us started. A search request could look like:
```
{
  "query": "ip_src_addr:192.168.66.1",
  "from": 0,
  "size": 25,
  "sort": [
    {
```
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
If you want to make it specific to 'Alert' then I'm fine with that. I'm
not crazy about 'AlertsDTO', would prefer to keep the search result context in
the name, something like
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
Just tested again and I am able to now remove the first filter and properly
filter on values with special characters (referrer field for example). I did
another pass and found some trivial issues
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@merrimanr I missed escaping values for the search request. I fixed it now;
the 'referer' search should work now. Supporting 'OR' and 'NOT' operators in
search request needs some work. Is it fine
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@merrimanr thanks for pointing me in the right direction.
@cestella I updated the 'Contributor Comments' with all the required
information. Please let me know if I am missing anything
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
Ok I will assume anything related to Alert Status is a not-yet-functional
portion.
I am testing in full dev. For the 2 you are not able to reproduce:
- Add the "referrer" field
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@merrimanr thanks for taking time to validate the UI
- This needs a fix
- Alert Status is a UI field that can be used to integrate with an
external ticketing system. This is just an
Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/620
I was able to get this running in "dev" mode against full dev based on
instructions in the README. This is a great start.
I've noticed several bugs while initially exploring the UI:
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/620
So, given that we're planning on moving to the REST API to enable
index-specific capabilities, can you detail exactly which API calls this
PR will require? We can then create JIRAs.
Github user iraghumitra commented on the issue:
https://github.com/apache/metron/pull/620
@cestella thanks for pointing me to PR #468 this is great. I will update
the PR with all the steps ASAIC. Meanwhile, if you want to give it a spin the
Readme has all the required info.
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/620
@ottobackwards yes, that's exactly what I mean. I want to make sure this
work is teed up to easily use the rest-api.
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/620
I think and hope what @cestella is saying is that we would hope that the
Metron UIs are not tied to an optional back end, but rather to the rest-api.
Thus Metron alerts will work with
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/620
I think it's ok to not integrate with REST for the first cut, but I'd like
to see the UI layer architected in such a way that when we do integrate with
the REST layer, it'll not span more than