Re: tuning search query on alert UI

2019-09-04 Thread tkg_cangkul
query all data on my alert UI but the process run too slow. especially on my first execute search button. sometimes i had “request time out” from the response. pls advice, Best Regards, tkg_cangkul --- Thank you, James Sirota PMC- Apache Metron jsirota AT

Re: Invite for Metron slack channel

2019-07-08 Thread tkg_cangkul
could you invite me too please? On 08/07/19 23:05, zeo...@gmail.com wrote: You got it. - Jon Zeolla zeo...@gmail.com On Mon, Jul 8, 2019 at 10:15 AM David Auclair wrote: Could I also get an invite please? Thanks in advance, Dave

Re: [ask] problem about hbase profiler

2019-07-02 Thread tkg_cangkul
o the Profiler? * What are your Profiler properties? * How many profiles do you have and what are they doing? Provide the profile definitions. On Mon, Jul 1, 2019 at 3:04 AM tkg_cangkul <yuza.ras...@gmail.com> wrote: Hi, i've a problem about hbase profile

[ask] problem about hbase profiler

2019-07-01 Thread tkg_cangkul
Hi, i've a problem about hbase profiler on metron. i've found if there are some inconsistency data that insert to hbase. sometimes insert normally but sometimes doesn't inserted. if not inserted, there are an error msg on storm (rebalance... Max poll()). I've set 2 worker for profiler.

[ask] detect unusual login duration

2019-05-15 Thread tkg_cangkul
Hi, Does metron support to do detection an unusual login duration? For example. IP A login for 3 days without logout. then metron will give some alert to us. If this possible, how to do that? Pls help. Best Regards, Tkg_cangkul

Re: use another geoIP db for enrichment

2019-04-01 Thread tkg_cangkul
Well Ok i'll try to create my own stellar function first . Thanks a lot for your help Yerex :) Best Regards, Tkg_cangkul On 01/04/19 23:13, Yerex, Tom wrote: I don't know of any Geo IP that is free and provides better accuracy than geolite. There are some Geo IP sites that offer a certain

Re: use another geoIP db for enrichment

2019-04-01 Thread tkg_cangkul
ah i see. so i just need to create the stellar function to do this. Ok i'll try it. Thanks a lot for your help nick Best Regards, Tkg_cangkul On 01/04/19 23:08, Nick Allen wrote: You would just have to create your own Stellar function that performs the geo-IP lookup using your alternative

use another geoIP db for enrichment

2019-04-01 Thread tkg_cangkul
Hi, Is there any ways to use another geoIP for metron.? I wanna try to use another geoIP other than geolite. if it's possible, pls give me some reference link to do this. Best Regards, Tkg_cangkul

what version metron on HCP 1.8.0

2019-01-21 Thread tkg_cangkul
is service_version" : "0.6.0.1.8.0.0" i've tried to install it on ambari and the stack version is metron 0.6.0 pls help. Best Regards, Tkg_Cangkul

Re: [ask] upgrade metron

2019-01-01 Thread tkg_cangkul
Is there a safe way to do an upgrade ? do you have some advice to do this ? Best Regards, Tkg_cangkul On 02/01/19 14:03, Pieter Baele wrote: AFAIK currently not. But with a bit planning (and testing), an upgrade is quite fast. Sincerely Pieter On Wed, Jan 2, 2019 at 7:44 AM tkg_cangkul

[ask] upgrade metron

2019-01-01 Thread tkg_cangkul
Hi all, Does apache metron support upgrade version with patching file? how if i want to upgrade the version without reinstall all components? Pls advice. Best Regards, Tkg_cangkul

Re: ask about profiler rule

2017-10-24 Thread tkg_cangkul
e include logstash into metron? You can use Logstash to push data into Kafka. Metron would then consume it from Kafka. On Tue, Oct 24, 2017 at 4:59 AM, tkg_cangkul <yuza.ras...@gmail.com> wrote: Do you have any sample configuration or something l

ask about profiler rule

2017-10-24 Thread tkg_cangkul
Hi, anybody can explained to me this rule of profiler config please ? { "profile": "failed-logins", "foreach": "user.name ", "onlyif": "source.type == 'activedirectory' and event.type == 'failed_login'" "init": { "count": 0 }, "update": {

Re: multiple pattern grok parser in 1 file

2017-10-23 Thread tkg_cangkul
. There is an error message like this on storm logs: Caused by: java.lang.RuntimeException: Grok statement produced a null message. On 23/10/17 10:49, tkg_cangkul wrote: Hi Wasim, thx for your reply. So it means i should use logstash parser for metron? Is there any documentation about use logstash

Re: multiple pattern grok parser in 1 file

2017-10-22 Thread tkg_cangkul
Hi Wasim, thx for your reply. So it means i should use logstash parser for metron? Is there any documentation about use logstash parser for metron? I didn't find any documentation about that on metron. i just find logstash basic parser but there is no documentation about that. On 23/10/17

Re: event correlation on metron

2017-10-17 Thread tkg_cangkul
to correlate? Can you talk a little more about your use case? 16.10.2017, 02:23, "tkg_cangkul" <yuza.ras...@gmail.com>: hi, anyone could explain me about event correlation using apache metron? does metron support event correlation? Pls Advice --- Thank you, James Si

event correlation on metron

2017-10-16 Thread tkg_cangkul
hi, anyone could explain me about event correlation using apache metron? does metron support event correlation? Pls Advice

Re: metron dashboard timeout when loads many data

2017-10-10 Thread tkg_cangkul
are using Chrome, can you download the sense plugin and then run the following commands: GET /_cluster/health?pretty GET _cat/pending_tasks?v GET /_cat/nodes?v GET /_cluster/allocation/ And paste the output here? Thanks, James 09.10.2017, 22:25, "tkg_cangkul" <yuza.ras...@gmail.com&g

metron dashboard timeout when loads many data

2017-10-09 Thread tkg_cangkul
Hi, anyone have experienced with query heavy data on metron dashboard? i have 30Gb data. But when i try to load it all with metron dashboard in kibana, i have an error msg like below: *Request Timeout after 3ms *and then after that i've got this error msg too : *Caused by:

Re: Installation Issues

2017-09-27 Thread tkg_cangkul
what alert that you see on ambari? there are 24 alert on your screenshot below. On 27/09/17 13:50, Syed Hammad Tahir wrote: Ambari server and agent both are running On Wed, Sep 27, 2017 at 11:49 AM, tkg_cangkul <yuza.ras...@gmail.com> wrote: M

Re: Installation Issues

2017-09-27 Thread tkg_cangkul
Maybe you can check the ambari-agent service first from the terminal. If it stopped, just start it manually and then you can check the ambari again. On 27/09/17 13:16, Syed Hammad Tahir wrote: This is what I see when I login into ambari. How do I check where cluster deployment failed?

Re: Installation Issues

2017-09-27 Thread tkg_cangkul
Maybe you can check the ambari-agent status first from the terminal. If the service stopped. just start it then you can check the ambari again. On 27/09/17 13:16, Syed Hammad Tahir wrote: This is what I see when I login into ambari. How do I check where cluster deployment failed? Inline image

Re: PCAP on dashboard

2017-06-07 Thread tkg_cangkul
integrate with it using your tool of choice. If you have use cases in mind, please feel free to share. On Fri, May 26, 2017 at 6:47 AM, tkg_cangkul <yuza.ras...@gmail.com> wrote: hi, i'm trying to using PCAP on metron. i'm using pycapa

PCAP on dashboard

2017-05-26 Thread tkg_cangkul
hi, i'm trying to using PCAP on metron. i'm using pycapa now and i've success to store it into kafka and hdfs. So, what's the main function of PCAP on metron? can i show it to the dashboard? or it's just stored in hdfs only and read it by CLI.? Need Your Advice, Best Regards, Tkg_Cangkul