[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 +1 Rockin! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes

[GitHub] incubator-metron issue #537: METRON-864 fix typo in indexing readme

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/537 +1 Thanks for the fix @ctramnitz ! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have

[GitHub] incubator-metron issue #520: METRON-833: Update MaaS documentation to explai...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/520 +1 Thanks --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes

[GitHub] incubator-metron issue #408: METRON-608 Mpack to install a single-node test ...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/408 @mattf-horton Still needed? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature

[GitHub] incubator-metron issue #523: METRON-842: Add dynamic templates for risk scor...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/523 +1 via inspection. Good addition. Elasticsearch tends to guess wrong. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well

[GitHub] incubator-metron issue #524: METRON-836 Use Pycapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/524 Would love to get this reviewed. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have

[GitHub] incubator-metron pull request #510: METRON-821 Minor fixes in full dev kerbe...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/510#discussion_r111482378 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -87,147 +86,159 @@ sudo -u hdfs hdfs dfs -chmod 770 /user/metron ![enable

[GitHub] incubator-metron pull request #510: METRON-821 Minor fixes in full dev kerbe...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/510#discussion_r111453498 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -263,5 +272,12 @@ cat sample-yaf.txt | ${HDP_HOME}/kafka-broker/bin/kafka-console

[GitHub] incubator-metron issue #521: METRON-835 Use Profiler with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/521 And you are right @mmiklavc . I should keep formatting changes separate, if not a separate PR, separate commits at least. Will keep that in mind for the future. --- If your project

[GitHub] incubator-metron issue #521: METRON-835 Use Profiler with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/521 I think the ACL issue was because there was a loop iterating over the topics setting the ACLs. The 'yaf' topic was not in that loop so the ACL was never set. I changed it so none

[GitHub] incubator-metron pull request #507: METRON-819: Document kafka console produ...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/507#discussion_r64016 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -221,6 +221,10 @@ curl -XGET "${ZOOKEEPER}:9200/yaf*/_count"

[GitHub] incubator-metron pull request #510: METRON-821 Minor fixes in full dev kerbe...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/510#discussion_r62379 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -167,39 +167,48 @@ KafkaClient { serviceName="kafka" prin

[GitHub] incubator-metron pull request #510: METRON-821 Minor fixes in full dev kerbe...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/510#discussion_r63138 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -263,5 +272,12 @@ cat sample-yaf.txt | ${HDP_HOME}/kafka-broker/bin/kafka-console

[GitHub] incubator-metron pull request #510: METRON-821 Minor fixes in full dev kerbe...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/510#discussion_r61348 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -107,23 +107,23 @@ ${HDP_HOME}/kafka-broker/bin/kafka-topics.sh --zookeeper

[GitHub] incubator-metron issue #521: METRON-835 Use Profiler with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/521 > We would normally want to push format changes to a separate PR because it's hard to follow what has changed here, I don't know if we have a normal. I've seen many instan

[GitHub] incubator-metron pull request #524: METRON-836 Use Pycapa with Kerberos

GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/524 METRON-836 Use Pycapa with Kerberos This PR makes the necessary changes for Pycapa to work in a Kerberized environment. * The previous Kafka client library used by Pycapa did

[GitHub] incubator-metron issue #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/514 Kicking Travis --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled

[GitHub] incubator-metron pull request #514: METRON-829 Use Fastcapa with Kerberos

GitHub user nickwallen reopened a pull request: https://github.com/apache/incubator-metron/pull/514 METRON-829 Use Fastcapa with Kerberos Yes, you can use Fastcapa with Kerberos with no code change. I describe the entire process in the README. This PR is dependent

[GitHub] incubator-metron pull request #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen closed the pull request at: https://github.com/apache/incubator-metron/pull/514 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so

[GitHub] incubator-metron issue #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/514 Ok. The instructions should be ready-to-go now. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does

[GitHub] incubator-metron pull request #521: METRON-835 Use Profiler with Kerberos

GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/521 METRON-835 Use Profiler with Kerberos ## Contributor Comments * Enhanced the Kerberos documentation to outline additional steps needed to use the Profiler with Kerberos

[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 FYI I was able to get this working. Mike's docs are 100% correct, there were just a few minor steps that tripped me up (like using relative paths instead of absolute paths.) I updated

[GitHub] incubator-metron issue #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/514 @cestella Thanks. Duh. That makes sense. Thinking back, I probably just needed the JAAS stuff since I was trying to test with the Kafka Console Producer before landing data

[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 I think I am confusing steps (12) and (13) from your instructions or something. But something else weird is going on. I'm just not sure what. It seems like the ACLs were set

[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 > Anything going on in the kafka broker logs in /var/log/...? @cestella Nothing interesting that I can find in the logs, unfortunately. --- If your project is set

[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 The issues that I am having currently are with Quick Dev. But I have actually been able to do this on a separate cluster in a slightly different way. On the other cluster, I did

[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/507 > @mmiklavc Can you try listing and applying acls with the root user instead of metron? Ok, sure. 1. As root, I can see the ACLs. But oddly there are none

[GitHub] incubator-metron issue #517: METRON-831: Add lambda expressions and rudiment...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/517 Do the higher order functions only work on lists right now? For example, can I reduce a map? If not, we can tackle later, but just want to understand the scope. --- If your project

[GitHub] incubator-metron issue #517: METRON-831: Add lambda expressions and rudiment...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/517 Really great contribution. This is going to be so useful. I agree that it might be better to mimic the syntax from an existing language. Personally, I think any of the 3

[GitHub] incubator-metron issue #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/514 @cestella I had thought that the setup for the Bro Plugin (the work you did in #501) would be almost the same as the setup for Fastcapa. My assumption was wrong though. I had

[GitHub] incubator-metron issue #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/514 That was it. Thanks @JonZeolla ! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have

[GitHub] incubator-metron issue #514: METRON-829 Use Fastcapa with Kerberos

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/514 @JonZeolla I notice that the rendering of the code under the following text looks wonky. Although, I have no idea why. Any thoughts? > 6. Ensure that the device was bo

[GitHub] incubator-metron pull request #514: METRON-829 Use Fastcapa with Kerberos

GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/514 METRON-829 Use Fastcapa with Kerberos Yes, you can use Fastcapa with Kerberos with no code changes. I describe the entire process in the README. This PR is dependent

[GitHub] incubator-metron pull request #509: METRON-822 Improve Fastcapa Performance

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/509#discussion_r109944158 --- Diff: metron-sensors/fastcapa/src/args.c --- @@ -84,62 +95,167 @@ int parse_args(int argc, char** argv) // parse arguments

[GitHub] incubator-metron pull request #509: METRON-822 Improve Fastcapa Performance

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/509#discussion_r109944087 --- Diff: metron-sensors/fastcapa/src/kafka.c --- @@ -21,11 +21,113 @@ #define POLL_TIMEOUT_MS 1000 /* - * data structures

[GitHub] incubator-metron issue #509: METRON-822 Improve Fastcapa Performance

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/509 The additional commits are showing up as Github is out-of-sync with Apache. That should clear-up once they sync back up. --- If your project is set up for it, you can reply

[GitHub] incubator-metron pull request #501: METRON-812: Make the bro-kafka plugin wo...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/501#discussion_r109178396 --- Diff: metron-sensors/bro-plugin-kafka/README.md --- @@ -0,0 +1,160 @@ +Bro Logging Output to Kafka

[GitHub] incubator-metron pull request #501: METRON-812: Make the bro-kafka plugin wo...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/501#discussion_r109171010 --- Diff: metron-sensors/bro-plugin-kafka/README.md --- @@ -0,0 +1,160 @@ +Bro Logging Output to Kafka

[GitHub] incubator-metron pull request #422: METRON-670 Monit Incorrectly Reports Sta...

Github user nickwallen closed the pull request at: https://github.com/apache/incubator-metron/pull/422 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so

[GitHub] incubator-metron issue #480: METRON-770 Unable to Launch Fastcapa Test Envir...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/480 No worries. I missed it too. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature

[GitHub] incubator-metron pull request #480: METRON-770 Unable to Launch Fastcapa Tes...

GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/480 METRON-770 Unable to Launch Fastcapa Test Environment Unable to launch the Fastcapa test environment. Errors out during launch with the following error. ``` TASK

[GitHub] incubator-metron issue #436: METRON-671: Refactor existing Ansible deploymen...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/436 That's great, @mmiklavc. I am also a +1. I was able to test this successfully on Quick Dev and Full Dev. --- If your project is set up for it, you can reply to this email and have

[GitHub] incubator-metron issue #436: METRON-671: Refactor existing Ansible deploymen...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/436 I have been able to launch "Quick Dev" with deployment report. Thanks for the fix @dlyle65535 I have been fighting a bit with the AWS deployment. I ran into

[GitHub] incubator-metron issue #436: METRON-671: Refactor existing Ansible deploymen...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/436 I was able to start over on "Quick Dev" and get it running. Maybe I wasn't patient enough on the first run. It still did not show the deployment report, so I'

[GitHub] incubator-metron issue #436: METRON-671: Refactor existing Ansible deploymen...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/436 > but I don't know what made the map not work to fix it? Technically, we had two versions of the dashboard. Maybe the "legacy" dashboard deployed via Ansible usin

[GitHub] incubator-metron issue #436: METRON-671: Refactor existing Ansible deploymen...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/436 > @justinleet - wrt the Dashboard changes, the map shows up. If you've saved off a bunch of changes, you may want to clobber mine, but make sure the map shows up when you're d

[GitHub] incubator-metron issue #436: METRON-671: Refactor existing Ansible deploymen...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/436 Something bad happened when I tried to run "Quick Dev" with the latest code. * I ran a `vagrant up` and the command completed successfully. * But no "de

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104569239 --- Diff: metron-deployment/roles/metron-builder/tasks/main.yml --- @@ -15,4 +15,7 @@ # limitations under the License

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104558938 --- Diff: metron-deployment/roles/metron-builder/tasks/main.yml --- @@ -15,4 +15,7 @@ # limitations under the License

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104558496 --- Diff: metron-deployment/roles/metron-builder/tasks/main.yml --- @@ -15,4 +15,7 @@ # limitations under the License

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104553128 --- Diff: metron-deployment/roles/quick_dev/tasks/main.yml --- @@ -15,23 +15,50 @@ # limitations under the License

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104539908 --- Diff: metron-deployment/roles/kafka-broker/tasks/main.yml --- @@ -1,41 +0,0 @@ -# -# Licensed to the Apache Software Foundation

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104540418 --- Diff: metron-deployment/roles/kibana/README.md --- @@ -1,35 +0,0 @@ -Kibana 4 - - -This role installs Kibana along

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104542365 --- Diff: metron-deployment/roles/quick_dev/tasks/main.yml --- @@ -15,23 +15,50 @@ # limitations under the License

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104543437 --- Diff: metron-deployment/vagrant/full-dev-platform/Vagrantfile --- @@ -53,7 +53,7 @@ hosts = [{ Vagrant.configure(2) do |config

[GitHub] incubator-metron pull request #436: METRON-671: Refactor existing Ansible de...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/436#discussion_r104537561 --- Diff: metron-deployment/packaging/packer-build/.gitignore --- @@ -1,6 +1,6 @@ .bundle/ iso -*.box +builds/base-centos-6.7

[GitHub] incubator-metron issue #453: METRON-694: Index Errors from Topologies

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/453 I will create an issue to track the possibility for looping. Other than that, this looks good. +1 --- If your project is set up for it, you can reply to this email and have

[GitHub] incubator-metron issue #453: METRON-694: Index Errors from Topologies

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/453 I think focusing on the one specific error that we've seen is not the right way to think about this. Many different types of errors would cause unexpected looping, no? When unexpected

[GitHub] incubator-metron issue #468: METRON-744: Allow Stellar functions to be loade...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/468 One thing, I didn't wrap my head around before is there there are really two, independent parts to this PR. I am not against these co-existing in the same PR, but I want

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103729198 --- Diff: metron-analytics/metron-profiler/pom.xml --- @@ -339,6 +339,7

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103715008 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java

[GitHub] incubator-metron issue #453: METRON-694: Index Errors from Topologies

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/453 I think how you have it as a fine approach. Just need to doc it as such. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well

[GitHub] incubator-metron issue #453: METRON-694: Index Errors from Topologies

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/453 I like the flexibility of the new MessageGetter stuff. I don't understand when I would use a `DEFAULT_JSON_FROM_FIELD` versus a `JSON_FROM_FIELD`. Some basic javadocs on those new

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 I think this is ready for final review. Come one, come all. Would love to get this closed out. --- If your project is set up for it, you can reply to this email and have your reply

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103684910 --- Diff: metron-analytics/metron-profiler/pom.xml --- @@ -339,6 +339,7

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103549252 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103548884 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103549438 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103549519 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/resolver/ClasspathFunctionResolver.java

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103548147 --- Diff: metron-analytics/metron-profiler/pom.xml --- @@ -339,6 +339,7

[GitHub] incubator-metron pull request #468: METRON-744: Allow Stellar functions to b...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/468#discussion_r103551859 --- Diff: metron-analytics/metron-profiler/pom.xml --- @@ -339,6 +339,7

[GitHub] incubator-metron issue #468: METRON-744: Allow Stellar functions to be loade...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/468 My understanding is that an index of the annotated classes is generated at compile-time and packaged in the jar file. When we perform function resolution, we are just searching

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/449#discussion_r103507775 --- Diff: metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java --- @@ -0,0 +1,106

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/449#discussion_r103496563 --- Diff: metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java --- @@ -0,0 +1,106

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/449#discussion_r103496145 --- Diff: metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java --- @@ -0,0 +1,106

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/449#discussion_r103494594 --- Diff: metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java --- @@ -0,0 +1,106

[GitHub] incubator-metron pull request #449: METRON-701 Triage Metrics Produced by th...

Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/449#discussion_r103493583 --- Diff: metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java --- @@ -0,0 +1,106

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 I made the required changes and updated the PR description to reflect that. Please take a look and review. --- If your project is set up for it, you can reply to this email and have

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 Ok, I flattened the threat score with the latest commit. The PR description has also been updated to match current state. Please take a gander. --- If your project is set up

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 Sounds good, looks like there are more votes for option 2. I'll go that route. Gracias! --- If your project is set up for it, you can reply to this email and have your reply appear

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 > Am I missing something? Is there a way to define the topic dynamically while using the BulkMessageWriterBolt & KafkaMessageWriter classes unchanged? Created [METRON-738

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 > Ninja Edit: I think the kafka topic written to should be pulled from zookeeper... @cestella I remember now why I settled on making the topic name a static configuration f

[GitHub] incubator-metron issue #462: METRON-734 Builds failing because of MaxMind DB...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/462 > Given the fact that we are without a working build, the failure here is a known sporadic failure and the Travis queue seems to be very backed up lately, I move that we wait fo

[GitHub] incubator-metron issue #463: METRON-728: ReaderSpliteratorTest fails randoml...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/463 Why do we need this for only one of our tests? Why are other tests not impacted by this issue? Do you think this is the best fix or a 'good-enough' band-aid? --- If your project

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 > Be backwards compatible with the current syntax. This proposed syntax isn't directly backwards compatible. Were you assuming we would do a translation of so

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 @cestella Thanks for laying out your other ideas for Medium and Longer term. We can open those up for community debate on separate JIRAs, but it was very worthwhile for you to begin

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 **Near Term:** I like it. I think we've converged on "near term". Yay! I will tackle these items as part of this PR. > **Longer Term:** ... In this world,

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 I think what I mean is a little different (but maybe I've missed your point.) For example, when @james-sirota first reviewed this PR he was confused why we would send data

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 @ottobackwards @cestella @justinleet - Let me know what you guys think on my previous comment about how to move forward on this PR. I think we have a rough outline

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 I can see the value of the additional flexibility here. Of course, the flip side is that I am always worried about too much complexity, as you probably guessed. I don't know

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 Still thinking through the implications, but it looks pretty clean and intuitive this way (at least more intuitive). ``` { "profiles": [ {

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 Outside the scope of your "multiple result" idea that I need to think more on... The one thing I did not like about both approaches is the terminology. Kin

[GitHub] incubator-metron issue #449: METRON-701 Triage Metrics Produced by the Profi...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/449 > You seem to be sending every profile into kafka, not just the configured ones Just for clarity, you can define the destination for each profile. It defau

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 So assuming we put aside the issue of flattening the data per METRON-735, what should be the go-forward for this PR? I outlined two options above. Please share your opinions on those

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 Ha... oops. Yep, we agree. Add your commentary to METRON-735. You're suggesting a specific implementation, which is good. --- If your project is set up for it, you can reply

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 Created [METRON-735](https://issues.apache.org/jira/browse/METRON-735), in case this idea gains wider support from the community. --- If your project is set up for it, you can reply

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 @ottobackwards Yep, good call out. We should address the JSON mapper as you described also. --- If your project is set up for it, you can reply to this email and have your reply

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 > if you look at the JSONMapParser, Casey and I implemented a flattener... @ottobackwards Thanks for pointing that out. If we end up going with option 2, I will try and re

[GitHub] incubator-metron issue #453: METRON-694: Index Errors from Topologies

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/453 Thanks @merrimanr . Error message has tons of useful fields. I like it. I think your option 2 above ('source.type=error' with a separate field for original source type) would

[GitHub] incubator-metron issue #438: METRON-686 Record Rule Set that Fired During Th...

Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/438 I really could use some opinions on the go-forward here. I see two options. (1) Assume that any indexer that cannot handle complex types is currently broken. * Since

  1   2   3   4   5   6   7   >