Hello all,
There is one my point that isn't clear for me. When sending data into Metron,
are all the events all indexed sent to Elastic and / or HDFS, or only the
events that trigger a triage rule?
For now I'm trying to send some FW logs in Metron, I feed a Kafka topic with
Nifi, I can see tha
All events are indexed by default.
See if this guide helps you any.
https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source
On Mon, Apr 8, 2019 at 2:49 AM wrote:
> Hello all,
>
>
>
> There is one my point that isn’t clear for me. When sending data into
> Metron, ar
on for me? I guess I’m not the first one with kind
of issue but I cannot find any case close to mine.
From: Nick Allen [mailto:n...@nickallen.org]
Sent: Monday, April 08, 2019 15:17
To: user@metron.apache.org
Subject: Re: Metron concept
All events are indexed by default.
See if this guide hel
> *From:* Nick Allen [mailto:n...@nickallen.org]
> *Sent:* Monday, April 08, 2019 15:17
> *To:* user@metron.apache.org
> *Subject:* Re: Metron concept
>
>
>
> All events are indexed by default.
>
>
>
> See if this guide helps you any.
> https://cwiki.apache
...@simonellistonball.com]
Sent: Monday, April 08, 2019 16:29
To: user@metron.apache.org
Subject: Re: Metron concept
Are you seeing events on the enrichments topic, and if so, are they getting to
indexing? Any messages in the storm logs for these topologies?
Are you also certain the parser is correct, and there are
: 'user@metron.apache.org'
Subject: RE: Metron concept
Hello Simon,
I send just one line at a time, and the line has been validated in the Metron
UI. I see no message in the topology logs. I switched to DEBUG mode, and I can
see the following sequence again and again:
2019-04-08 16
images and have
never faced issues like this…
Any idea?
Thanks,
Stéphane
From: DAVY Stephane OBS/CSO
Sent: Monday, April 08, 2019 17:56
To: user@metron.apache.org
Subject: RE: Metron concept
Well, I realize that the console-consumer works with the—zookeeper option,
which is the “old consumer
> never faced issues like this…
>
> Any idea?
>
> Thanks,
>
> Stéphane
>
>
> From: DAVY Stephane OBS/CSO
> Sent: Monday, April 08, 2019 17:56
> To: user@metron.apache.org
> Subject: RE: Metron concept
>
> Well, I realize that the console-con
find any kind of option around this behavior.
> Moreover, we regularly use Kafka for some other purpose with our docker
> images and have never faced issues like this…
>
>
>
> Any idea?
>
>
>
> Thanks,
>
>
>
> Stéphane
>
>
>
>
>
> *From:* D
@metron.apache.org
Subject: Re: Metron concept
Hi Stephane,
seeing this only now, so it might be a little late. Have you resolved it?
If not: How many Kafka nodes are you using? I had a similar issue using only
one broker, while the default config expects more brokers. The way you describe
this issue
10 matches
Mail list logo
