Hello all,

I have installed a 3-node system using the bare metal CentOS 7 guideline:
https://cwiki.apache.org/confluence/display/METRON/Metron+0.4.0+with+HDP+2.5+bare-metal+install+on+Centos+7+with+MariaDB+for+Metron+REST

It has taken me a while to have all components working properly, and I left the yaf, bro, and snort apps running, so quite a lot of data has been generated. Currently, I have almost 18 million events identified in Kibana. 16+ million are yaf based, and 2+ million are snort ... 190 events are my new squid telemetry :). It looks like it still has a while to go before it catches up to the current day. I recently shut down the apps.

My questions are:

1. Is there a way to wipe all my data and indices clean so that I may now begin with a fresh dataset?
2. Is there a way to configure yaf so that its data is meaningful? It is currently creating what looks to be test data?
3. I have commented out the test snort rule, but it is still generating the odd record which once again looks like test data. Can this be stopped as well?

Kindest regards,
Frank