If you or one of your co-workers is comfortable using JavaScript, there are a couple of visualization libraries you can use: take a look at cytoscape.js and sigma.js, not offer pretty good visualization options and cytoscape.js supports a decent number of graph algorithms...both would require you to do some front-end development.
Sent from my iPhone > On Jan 2, 2019, at 09:27, Pieter Baele <pieter.ba...@gmail.com> wrote: > > To be honest, primary use case is just for the fancy representation of some > data. A lot of people like nice graphs (in both meanings) > I am also not yet sure on which functionality is most important (to create a > ticket) > > I saw an example, written in a C# framework on a subset of a security related > dataset. > The databackend in that case really can't be used for large scale analysis. > I also saw a demo movie of a Metron-based distribution. > > Thanks a lot for the responses! > > >> On Wed, Jan 2, 2019 at 1:37 PM Simon Elliston Ball >> <si...@simonellistonball.com> wrote: >> Graph enables a number of interesting use cases, and it really depends on >> what you’re after as to which tech makes sense. >> >> Spark graphx is a strong contender for analytics of things like betweenness >> and community linkage on HDFS indexed data. That would tend to be batch and >> through something like zeppelin. The very latest zeppelin also supports a >> network visualisation method which gives a graph like visual option. >> >> For more interactive, streaming graph and alerting on graph an actual graph >> database makes more sense. I’ve seen some work done around Metron stacks >> with janusgraph, which leans on solr and Hbase so avoids adding too much >> complexity. Janus is not an apache project, but should be includable. At >> present I’ve only seen that used in Metron based distributions rather than >> Metron core. >> >> Simon >> >> >>> On 2 Jan 2019, at 11:59, Otto Fowler <ottobackwa...@gmail.com> wrote: >>> >>> Pieter, >>> Can you create a jira with your use case? It is important to capture. We >>> have some outstanding jira’s around graph support. >>> >>> >>>> On January 2, 2019 at 04:40:23, Stefan Kupstaitis-Dunkler >>>> (stefan....@gmail.com) wrote: >>>> >>>> Hi Pieter, >>>> >>>> >>>> >>>> Happy new year! >>>> >>>> >>>> >>>> I believe that always depends on a lot of factors and applies to any kind >>>> of visualization problem with big amounts of data: >>>> >>>> How fast do you need the visualisations available? >>>> How up-to-date do they need to be? >>>> How complex? >>>> How beautiful/custom modified? >>>> How familiar are you with these frameworks? (could be a reason not to use >>>> a lib if they are otherwise equal in capabilities) >>>> >>>> >>>> It sounds like you want to create a simple histogram across the full >>>> history of stored data. So I’ll throw in another option, that is commonly >>>> used for such use cases: >>>> >>>> Zeppelin notebook: >>>> Access data stored in HDFS via Hive. >>>> A bit of preparation in Hive is required (and can be scheduled), e.g. >>>> creating external tables and converting data into a more efficient format, >>>> such as ORC. >>>> >>>> >>>> Best, >>>> >>>> Stefan >>>> >>>> >>>> >>>> From: Pieter Baele <pieter.ba...@gmail.com> >>>> Reply-To: "user@metron.apache.org" <user@metron.apache.org> >>>> Date: Wednesday, 2. January 2019 at 07:50 >>>> To: "user@metron.apache.org" <user@metron.apache.org> >>>> Subject: Graphs based on Metron or PCAP data >>>> >>>> >>>> >>>> Hi, >>>> >>>> >>>> >>>> (and good New Year to all as well!) >>>> >>>> >>>> >>>> What would you consider as the easiest approach to create a Graph based >>>> primarly on ip_dst and ip_src adresses and the number (of connections) of >>>> those? >>>> >>>> >>>> >>>> I was thinking: >>>> >>>> - graph functionality in Elastic stack, but limited (ex only recent data >>>> in 1 index?) >>>> >>>> - interfacing with Neo4J >>>> >>>> - GraphX using Spark? >>>> >>>> - using R on data stored in HDFS? >>>> >>>> - using Python: plotly? Pandas? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Sincerely >>>> >>>> Pieter
