[ANNOUNCE] Apache Metron moved to Apache Attic

. Loosely speaking this means that the project's resources will be moved to a read-only state. You can read more about the Apache Attic and the process of moving to the Attic at http://attic.apache.org. You can follow this process in JIRA: https://issues.apache.org/jira/browse/ATTIC-190 Thank

Re: Drop events from Metron parser

At the parser level, there's some configuration you can use for filtering events. Specifically "filterClassName". Take a look at the documentation, you can either use a custom class, or use Stellar. The example is even for "exists(field)", which you could modify to fail for missing fields. https

[ANNOUNCE] Apache Metron-bro-plugin-kafka release 0.3.0

Hi all, I’m pleased to announce the release of Metron 0.3.0! It's been a little while coming, but there's a good number of improvements and fixes, both around functionality and testing. Thanks to everyone who's contributing to and using the plugin! Details: The official release source code tarb

[ANNOUNCE] Apache Metron release 0.7.1

Hi all, I’m pleased to announce the release of Metron 0.7.1! There's been a lot of work in put in for everything including fixes, improvements, documentation, refactoring, and discussion. Thanks to everyone who's contributed, and thanks to our users! There is a callout for users regarding the dev

Re: Unable to load geoip enrichments

Maxmind Geo/ASN enrichment doesn't go through HBase. Those files are pulled down and stored in memory (They're essentially queryable DBs for the data) during the lifetime of the Storm topology itself. If data isn't being enriched with Geo data (and as a sanity check, make sure you're properly conf

Re: Central Navigation Use Case

This feels like our personas should correspond to roles and the navigation available potentially based on that. Especially for smaller groups and POC type stuff, I'd expect there's people with overlapping personas. At that point, central nav either displays available UIs (especially if we add mor

[ANNOUNCE] Apache Metron release 0.7.0

Hi all, I’m pleased to announce the release of Metron 0.7.0! There's been a lot of work on improvements, upgrades, discussion, and more. Thanks to everyone who's contributed, and thank you to our users. Details: The official release source code tarballs may be obtained at any of the mirrors liste

Re: Metron dev environments moving to require Ansible 2.4+

I'm +1 on getting the PR merged in. I'd just follow up on this thread post merge to let everyone know they have to switch if they haven't. On Fri, Sep 28, 2018 at 9:32 AM zeo...@gmail.com wrote: > Hi All, > > As it currently sits, once METRON-1758 >

[ANNOUNCE] Apache Metron release 0.6.0

Hi All, I’m happy to announce the release of Metron 0.6.0! There's a been a lot of great work everywhere on the project, and thanks to both everyone who contributed and our users. Details: The official release source code tarballs may be obtained at any of the mirrors listed in http://www.apache.

Re: Google Cloud Platform

Unfortunately, I have no familiarity with GCP at all, but a good place to start *may* be by reverse engineering some of our EC2 instructions . You might be able to sub in GCP steps as needed for provisioning and more or less

[ANNOUNCE] Apache Metron release 0.5.0

Hi All, I’m happy to announce the release of Metron 0.5.0! Everyone has put in a lot of working into improvements, new features, and discussion. Thanks to everyone who contributed, and I look forward to having users enjoy our new features and improvements. Details: The official release source c

Solr Feature Branch

Hi all, An earlier thread on the dev list discussed upgrading Solr and bringing it to feature parity with Elasticsearch. We also wanted to inform the larger user list for any

Re: Enable geo enrichment

There is also a Stellar function for doing geo lookups. http://metron.apache.org/current-book/metron-stellar/stellar-common/index.html#GEO_GET It'll return a map of the fields when given an IP. On Thu, Oct 5, 2017 at 5:37 PM, Simon Elliston Ball < si...@simonellistonball.com> wrote: > And incase

Re: MaaS and Metron Architecture talks at DataWorks Summit SJ 2017

Could we put these up on the wiki page for tech talks in the community? That page could probably use some love, although I know we've had discussions about what we should do with wiki content. https://cwiki.apache.org/confluence/display/METRON/Tech+Talks On Thu, Aug 3, 2017 at 10:32 AM, Casey Ste

Re: Geo enrichment failure after blocking internet connectivity

My expectation is that /apps/metron/geo is empty (or at least has no files in subdirs), can you verify this? Assuming it is empty, you should be able to place the file ( http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz) into HDFS at /apps/metron/geo/default/GeoLite2-City.mmd

Re: [ANNOUNCE] Apache Metron 0.4.0 release

Congrats, everyone! A lot of people helped out across the board, and I look forward to everyone's contributions moving ahead. On Wed, Jul 5, 2017 at 4:47 PM, Otto Fowler wrote: > Thank you Matt, your first metron release as well! > Congratulations to the community. > > > On July 5, 2017 at 16:3

Re: kerberizing Metron's Deployment on real cluster

Not sure if this is the case for you, but if the KDC was never set up to issue renewable tickets, but the principals were already created, you'll have to edit them to issue renewable tickets (KDC change doesn't affect existing principals). See point 3: https://github.com/apache/metron/blob/master/