How did you validate the logs are making it to the indexing topology?

On Fri, Apr 5, 2019 at 8:12 AM Hema malini <nhemamalin...@gmail.com> wrote:
> Hi,
>
> We have installed Metron 0.7.1 on CentOS 7 using Ambari. Using NiFi we
> sent the sample snort logs copied from the Metron git repo to the snort
> Kafka topic. We did the same for the bro topic. Logs are getting parsed
> and reaching the indexing topology. Elasticsearch indices are not getting
> created, though we did the Elasticsearch template install from Ambari. So
> we manually created the Elasticsearch index using the template available
> in the Metron repo. Though the Elasticsearch index is present, data from
> the indexing topology reached neither Elasticsearch nor the HDFS path.
> There are no errors in the Storm topology logs. We could see the sample
> log in the Metron Management UI. How can we send the logs to the Alerts UI
> and Kibana dashboard? In the Kibana dashboard we could see two dashboards,
> Metron-Dashboard and Metron-Error-Dashboard, created but with no data.
> Elasticsearch health is yellow and we are able to insert data via a REST
> call. Any documentation on sending the sample snort logs to the Metron
> Alerts UI will be helpful. Is any configuration from the Metron Management
> UI required to pass it to the Alerts UI?
>
> Thanks and Regards
> Hema
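The reply's question ("how did you validate the logs are making it to the indexing topology?") is best answered hop by hop: parser output on the Kafka `indexing` topic, documents in the sensor's Elasticsearch indices, files under the HDFS indexing path. The script below is an added example, not code from either message in this thread or from the Metron project. It assumes Ambari/HDP defaults that you should adjust for your cluster: the Kafka console consumer under /usr/hdp/current/kafka-broker/bin with the broker on port 6667, Elasticsearch on localhost:9200, HDFS output under /apps/metron/indexing/indexed/<sensor>, Metron's index naming of <sensor>_index_yyyy.MM.dd.HH, and the default column order of the Elasticsearch `_cat/indices` output (docs.count is the seventh column). The sensor names `snort` and `bro` are the ones from the thread.

```bash
#!/usr/bin/env bash
# Added example: walk the Metron indexing pipeline hop by hop.
# Assumed Ambari/HDP defaults (override via environment):
KAFKA_BIN="${KAFKA_BIN:-/usr/hdp/current/kafka-broker/bin}"   # assumption
BROKER="${BROKER:-localhost:6667}"                            # assumption: HDP Kafka port
ES_URL="${ES_URL:-http://localhost:9200}"
HDFS_INDEXED="${HDFS_INDEXED:-/apps/metron/indexing/indexed}" # assumption: Metron HDFS writer path

# count_sensor_messages SENSOR   (JSON messages, one per line, on stdin)
# Counts messages whose "source.type" equals SENSOR. Every message the parser
# topology emits onto the indexing topic carries this field, so a count of zero
# means nothing for that sensor ever left the parser.
count_sensor_messages() {
  local sensor="$1"
  grep -Ec "\"source\.type\": ?\"${sensor}\"" || true   # grep -c exits 1 on zero matches
}

# index_doc_count SENSOR   (_cat/indices text on stdin)
# Sums docs.count over the indices named <sensor>_index_* (Metron's naming
# scheme, assumed here). Default _cat/indices columns:
# health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
index_doc_count() {
  local sensor="$1"
  awk -v pat="^${sensor}_index_" '$3 ~ pat { total += $7 } END { print total + 0 }'
}

# check_pipeline SENSOR   (needs the live cluster; the two helpers above do not)
check_pipeline() {
  local sensor="$1"

  echo "== Hop 1: ${sensor} messages on the Kafka 'indexing' topic =="
  "${KAFKA_BIN}/kafka-console-consumer.sh" --bootstrap-server "$BROKER" \
    --topic indexing --from-beginning --max-messages 200 --timeout-ms 10000 2>/dev/null \
    | count_sensor_messages "$sensor"

  echo "== Hop 2: documents in ${sensor}_index_* on Elasticsearch =="
  curl -s "${ES_URL}/_cat/indices" | index_doc_count "$sensor"

  echo "== Hop 3: files written by the HDFS indexing writer =="
  hdfs dfs -ls -R "${HDFS_INDEXED}/${sensor}" 2>/dev/null || echo "(no files under ${HDFS_INDEXED}/${sensor})"
}

# Usage: ./check_pipeline.sh snort   (or: ./check_pipeline.sh bro)
if [ "$#" -gt 0 ]; then
  check_pipeline "$1"
fi
```

Reading the three numbers together tells you where the data stops: messages on the topic but zero documents and no HDFS files points at the indexing topology's writers (check the Storm worker logs for the indexing topology and the sensor's indexing configuration in ZooKeeper), while zero messages on the topic means the problem is upstream in the parser topology or the NiFi feed, whatever the Management UI shows.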