[SOLVED] Re: Question on Windows event log ingest and parse

2017-05-03 Thread ed d
Correct, the grok parser pattern file is on HDFS. I combined the parserConfigs and it's not working. The error has changed though, back to the timestamp. java.lang.IllegalStateException: Grok parser Error: For input string: "2017-05-03T23:28:58849Z" on {"@timestamp":"2017-05-03T23:28:58.849Z

Re: Question on Windows event log ingest and parse

2017-05-03 Thread Simon Elliston Ball
And just to check… you have the pattern definition you previously sent in /patterns/winlogbeat (file) on HDFS. It looks like the most likely problem from your config is that you have two parserConfig elements. I suspect the second is overriding the first, and hence you are losing the grokPath

Re: Question on Windows event log ingest and parse

2017-05-03 Thread ed d
Correction, deploying the Storm topology is this: /usr/metron/$METRON_VERSION/bin/start_parser_topology.sh -z `hostname -f`:2181 -k `hostname -f`:6667 -s winlogbeat From: Simon Elliston Ball Sent: Wednesday, May 3, 2017 5:59 PM To: user@metron.apache.org Su

Re: Question on Windows event log ingest and parse

2017-05-03 Thread ed d
Hi Simon, thanks for the quick reply. I would love to be a part of this project, just let me know what I can do. Also, I forgot to add that when I change things, I always 1. kill the storm topology 2. change a local parser/enrichment file 3. copy to the parser dir * cp winlogbea

unsubscribe

2017-05-03 Thread Figueroa Luis
Luis Figueroa Solutions Engineer lfigue...@hortonworks.com 954.298.1144

Re: Build fails - unable to find https://raw.github.com

2017-05-03 Thread Michael Miklavcic
Hi Kevin, Thanks for trying Metron. This looks like an intermittent network failure of some sort. Are you able to repeatably run this and fail at the place each time? On May 3, 2017 3:00 PM, "Kevin Waterson" wrote: > All seems to go well until I get to raw.github.. output below > > My build > >

Re: Question on Windows event log ingest and parse

2017-05-03 Thread Simon Elliston Ball
Hi Ed, Sounds like a really nice piece of work to get pushed into the core… how would you feel about taking that grok parser and formalising it into the core of Metron (happy to help there by the way). On the actual issue, it sounds like it’s likely to be something to do with conversion of th

Question on Windows event log ingest and parse

2017-05-03 Thread ed d
Metron version – 0.4.0 Single node install, bare metal install No significant changes to base install besides maintenance mode on elasticsearch mpack and manual configuration. I have a Windows 2012 server running AD, AD LDS, DNS, and DHCP. I installed Winlogbeat

Build fails - unable to find https://raw.github.com

2017-05-03 Thread Kevin Waterson
All seems to go well until I get to raw.github.. output below My build sudo apt-get -y install ansible vagrant virtualbox python maven git sudo apt-get -y install openjdk-8-jdk javac -version export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ export PATH=$PATH:$HOME/bin:$JAVA_HOME/bin:$JAVA_

Re: Unable to build Metron, stuck at rpm-docker

2017-05-03 Thread Laurens Vets
I "fixed" it by disabling selinux... On 2017-05-03 08:33, Laurens Vets wrote: Hi List, I'm following this guide: https://cwiki.apache.org/confluence/display/METRON/Metron+with+HDP+2.5+bare-metal+install and Maven seems to fail after this: "cd metron-deployment/packaging/docker/rpm-docker" "mvn

Re: Unable to build Metron, stuck at rpm-docker

2017-05-03 Thread Nick Allen
Did the command before that one run successfully? The one that looks like the following. cd incubator-metron mvn clean install -DskipTests -PHDP-2.5.0.0 I don't think you need to run the command that is failing you at all. I would think you already have the RPMs built. Can you run a command l

Unable to build Metron, stuck at rpm-docker

2017-05-03 Thread Laurens Vets
Hi List, I'm following this guide: https://cwiki.apache.org/confluence/display/METRON/Metron+with+HDP+2.5+bare-metal+install and Maven seems to fail after this: "cd metron-deployment/packaging/docker/rpm-docker" "mvn clean install -DskipTests -PHDP-2.5.0.0" Removing intermediate container 864