Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
+1 Rockin!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/537
+1 Thanks for the fix @ctramnitz !
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/520
+1 Thanks
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/408
@mattf-horton Still needed?
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/523
+1 via inspection. Good addition. Elasticsearch tends to guess wrong.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/524
Would love to get this reviewed.
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r111482378
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -87,147 +86,159 @@ sudo -u hdfs hdfs dfs -chmod 770 /user/metron
![enable
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r111453498
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -263,5 +272,12 @@ cat sample-yaf.txt |
${HDP_HOME}/kafka-broker/bin/kafka-console
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/521
And you are right @mmiklavc . I should keep formatting changes separate,
if not a separate PR, separate commits at least. Will keep that in mind for
the future.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/521
I think the ACL issue was because there was a loop iterating over the
topics setting the ACLs. The 'yaf' topic was not in that loop so the ACL was
never set. I changed it so none
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/507#discussion_r64016
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -221,6 +221,10 @@ curl -XGET "${ZOOKEEPER}:9200/yaf*/_count"
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r62379
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -167,39 +167,48 @@ KafkaClient {
serviceName="kafka"
prin
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r63138
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -263,5 +272,12 @@ cat sample-yaf.txt |
${HDP_HOME}/kafka-broker/bin/kafka-console
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r61348
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -107,23 +107,23 @@ ${HDP_HOME}/kafka-broker/bin/kafka-topics.sh
--zookeeper
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/521
> We would normally want to push format changes to a separate PR because
it's hard to follow what has changed here,
I don't know if we have a normal. I've seen many instan
GitHub user nickwallen opened a pull request:
https://github.com/apache/incubator-metron/pull/524
METRON-836 Use Pycapa with Kerberos
This PR makes the necessary changes for Pycapa to work in a Kerberized
environment.
* The previous Kafka client library used by Pycapa did
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/514
Kicking Travis
GitHub user nickwallen reopened a pull request:
https://github.com/apache/incubator-metron/pull/514
METRON-829 Use Fastcapa with Kerberos
Yes, you can use Fastcapa with Kerberos with no code change. I describe
the entire process in the README.
This PR is dependent
Github user nickwallen closed the pull request at:
https://github.com/apache/incubator-metron/pull/514
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/514
Ok. The instructions should be ready-to-go now.
GitHub user nickwallen opened a pull request:
https://github.com/apache/incubator-metron/pull/521
METRON-835 Use Profiler with Kerberos
## Contributor Comments
* Enhanced the Kerberos documentation to outline additional steps needed to
use the Profiler with Kerberos
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
FYI I was able to get this working. Mike's docs are 100% correct, there
were just a few minor steps that tripped me up (like using relative paths
instead of absolute paths.) I updated
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/514
@cestella Thanks. Duh. That makes sense.
Thinking back, I probably just needed the JAAS stuff since I was trying to
test with the Kafka Console Producer before landing data
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
I think I am confusing steps (12) and (13) from your instructions or
something. But something else weird is going on. I'm just not sure what.
It seems like the ACLs were set
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
> Anything going on in the kafka broker logs in /var/log/...?
@cestella Nothing interesting that I can find in the logs, unfortunately.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
The issues that I am having currently are with Quick Dev. But I have
actually been able to do this on a separate cluster in a slightly different
way. On the other cluster, I did
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
> @mmiklavc Can you try listing and applying acls with the root user
instead of metron?
Ok, sure.
1. As root, I can see the ACLs. But oddly there are none
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/517
Do the higher order functions only work on lists right now? For example,
can I reduce a map? If not, we can tackle later, but just want to understand
the scope.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/517
Really great contribution. This is going to be so useful.
I agree that it might be better to mimic the syntax from an existing
language. Personally, I think any of the 3
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/514
@cestella I had thought that the setup for the Bro Plugin (the work you did
in #501) would be almost the same as the setup for Fastcapa. My assumption was
wrong though. I had
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/514
That was it. Thanks @JonZeolla !
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/514
@JonZeolla I notice that the rendering of the code under the following text
looks wonky. Although, I have no idea why. Any thoughts?
> 6. Ensure that the device was bo
GitHub user nickwallen opened a pull request:
https://github.com/apache/incubator-metron/pull/514
METRON-829 Use Fastcapa with Kerberos
Yes, you can use Fastcapa with Kerberos with no code changes. I describe
the entire process in the README.
This PR is dependent
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/509#discussion_r109944158
--- Diff: metron-sensors/fastcapa/src/args.c ---
@@ -84,62 +95,167 @@ int parse_args(int argc, char** argv)
// parse arguments
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/509#discussion_r109944087
--- Diff: metron-sensors/fastcapa/src/kafka.c ---
@@ -21,11 +21,113 @@
#define POLL_TIMEOUT_MS 1000
/*
- * data structures
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/509
The additional commits are showing up as Github is out-of-sync with Apache.
That should clear-up once they sync back up.
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/501#discussion_r109178396
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -0,0 +1,160 @@
+Bro Logging Output to Kafka
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/501#discussion_r109171010
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -0,0 +1,160 @@
+Bro Logging Output to Kafka
Github user nickwallen closed the pull request at:
https://github.com/apache/incubator-metron/pull/422
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/480
No worries. I missed it too.
GitHub user nickwallen opened a pull request:
https://github.com/apache/incubator-metron/pull/480
METRON-770 Unable to Launch Fastcapa Test Environment
Unable to launch the Fastcapa test environment. Errors out during launch
with the following error.
```
TASK
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/436
That's great, @mmiklavc. I am also a +1. I was able to test this
successfully on Quick Dev and Full Dev.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/436
I have been able to launch "Quick Dev" with deployment report. Thanks for
the fix @dlyle65535
I have been fighting a bit with the AWS deployment. I ran into
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/436
I was able to start over on "Quick Dev" and get it running. Maybe I wasn't
patient enough on the first run.
It still did not show the deployment report, so I'
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/436
> but I don't know what made the map not work to fix it?
Technically, we had two versions of the dashboard. Maybe the "legacy"
dashboard deployed via Ansible usin
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/436
> @justinleet - wrt the Dashboard changes, the map shows up. If you've
saved off a bunch of changes, you may want to clobber mine, but make sure the
map shows up when you're d
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/436
Something bad happened when I tried to run "Quick Dev" with the latest
code.
* I ran a `vagrant up` and the command completed successfully.
* But no "de
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104569239
--- Diff: metron-deployment/roles/metron-builder/tasks/main.yml ---
@@ -15,4 +15,7 @@
# limitations under the License
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104558938
--- Diff: metron-deployment/roles/metron-builder/tasks/main.yml ---
@@ -15,4 +15,7 @@
# limitations under the License
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104558496
--- Diff: metron-deployment/roles/metron-builder/tasks/main.yml ---
@@ -15,4 +15,7 @@
# limitations under the License
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104553128
--- Diff: metron-deployment/roles/quick_dev/tasks/main.yml ---
@@ -15,23 +15,50 @@
# limitations under the License
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104539908
--- Diff: metron-deployment/roles/kafka-broker/tasks/main.yml ---
@@ -1,41 +0,0 @@
-#
-# Licensed to the Apache Software Foundation
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104540418
--- Diff: metron-deployment/roles/kibana/README.md ---
@@ -1,35 +0,0 @@
-Kibana 4
-
-
-This role installs Kibana along
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104542365
--- Diff: metron-deployment/roles/quick_dev/tasks/main.yml ---
@@ -15,23 +15,50 @@
# limitations under the License
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104543437
--- Diff: metron-deployment/vagrant/full-dev-platform/Vagrantfile ---
@@ -53,7 +53,7 @@ hosts = [{
Vagrant.configure(2) do |config
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/436#discussion_r104537561
--- Diff: metron-deployment/packaging/packer-build/.gitignore ---
@@ -1,6 +1,6 @@
.bundle/
iso
-*.box
+builds/base-centos-6.7
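Review bot: The removal of the `*.box` pattern on the third line of this hunk leaves Vagrant box images built outside `builds/base-centos-6.7` unignored, so a stray `.box` file can be committed by accident. Going by the lines visible here, consider keeping `*.box` alongside the new entry.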
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/453
I will create an issue to track the possibility for looping.
Other than that, this looks good. +1
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/453
I think focusing on the one specific error that we've seen is not the right
way to think about this. Many different types of errors would cause unexpected
looping, no? When unexpected
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/468
One thing I didn't wrap my head around before is that there are really
two, independent parts to this PR.
I am not against these co-existing in the same PR, but I want
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103729198
--- Diff: metron-analytics/metron-profiler/pom.xml ---
@@ -339,6 +339,7
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103715008
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/453
I think how you have it is a fine approach. Just need to doc it as such.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/453
I like the flexibility of the new MessageGetter stuff. I don't understand
when I would use a `DEFAULT_JSON_FROM_FIELD` versus a `JSON_FROM_FIELD`. Some
basic javadocs on those new
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
I think this is ready for final review. Come one, come all. Would love to
get this closed out.
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103684910
--- Diff: metron-analytics/metron-profiler/pom.xml ---
@@ -339,6 +339,7
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103549252
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103548884
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103549438
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103549519
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103548147
--- Diff: metron-analytics/metron-profiler/pom.xml ---
@@ -339,6 +339,7
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/468#discussion_r103551859
--- Diff: metron-analytics/metron-profiler/pom.xml ---
@@ -339,6 +339,7
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/468
My understanding is that an index of the annotated classes is generated at
compile-time and packaged in the jar file. When we perform function
resolution, we are just searching
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/449#discussion_r103507775
--- Diff:
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java
---
@@ -0,0 +1,106
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/449#discussion_r103496563
--- Diff:
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java
---
@@ -0,0 +1,106
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/449#discussion_r103496145
--- Diff:
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java
---
@@ -0,0 +1,106
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/449#discussion_r103494594
--- Diff:
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java
---
@@ -0,0 +1,106
Github user nickwallen commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/449#discussion_r103493583
--- Diff:
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java
---
@@ -0,0 +1,106
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
I made the required changes and updated the PR description to reflect that.
Please take a look and review.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
Ok, I flattened the threat score with the latest commit. The PR
description has also been updated to match current state. Please take a gander.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
Sounds good, looks like there are more votes for option 2. I'll go that
route. Gracias!
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
> Am I missing something? Is there a way to define the topic dynamically
while using the BulkMessageWriterBolt & KafkaMessageWriter classes unchanged?
Created [METRON-738
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
> Ninja Edit: I think the kafka topic written to should be pulled from
zookeeper...
@cestella I remember now why I settled on making the topic name a static
configuration f
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/462
> Given the fact that we are without a working build, the failure here is a
known sporadic failure and the Travis queue seems to be very backed up lately,
I move that we wait fo
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/463
Why do we need this for only one of our tests? Why are other tests not
impacted by this issue?
Do you think this is the best fix or a 'good-enough' band-aid?
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
> Be backwards compatible with the current syntax.
This proposed syntax isn't directly backwards compatible. Were you
assuming we would do a translation of so
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
@cestella Thanks for laying out your other ideas for Medium and Longer
term. We can open those up for community debate on separate JIRAs, but it was
very worthwhile for you to begin
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
**Near Term:** I like it. I think we've converged on "near term". Yay!
I will tackle these items as part of this PR.
> **Longer Term:** ... In this world,
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
I think what I mean is a little different (but maybe I've missed your
point.)
For example, when @james-sirota first reviewed this PR he was confused why
we would send data
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
@ottobackwards @cestella @justinleet - Let me know what you guys think on
my previous comment about how to move forward on this PR.
I think we have a rough outline
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
I can see the value of the additional flexibility here. Of course, the
flip side is that I am always worried about too much complexity, as you
probably guessed.
I don't know
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
Still thinking through the implications, but it looks pretty clean and
intuitive this way (at least more intuitive).
```
{
"profiles": [
{
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
Outside the scope of your "multiple result" idea that I need to think more
on...
The one thing I did not like about both approaches is the terminology.
Kin
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/449
> You seem to be sending every profile into kafka, not just the configured
ones
Just for clarity, you can define the destination for each profile. It
defau
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
So assuming we put aside the issue of flattening the data per METRON-735,
what should be the go-forward for this PR? I outlined two options above.
Please share your opinions on those
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
Ha... oops. Yep, we agree. Add your commentary to METRON-735. You're
suggesting a specific implementation, which is good.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
Created [METRON-735](https://issues.apache.org/jira/browse/METRON-735), in
case this idea gains wider support from the community.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
@ottobackwards Yep, good call out. We should address the JSON mapper as
you described also.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
> if you look at the JSONMapParser, Casey and I implemented a flattener...
@ottobackwards Thanks for pointing that out. If we end up going with
option 2, I will try and re
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/453
Thanks @merrimanr . Error message has tons of useful fields. I like it.
I think your option 2 above ('source.type=error' with a separate field for
original source type) would
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/438
I really could use some opinions on the go-forward here. I see two options.
(1) Assume that any indexer that cannot handle complex types is currently
broken.
* Since