All events are indexed by default. See if this guide helps you any. https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source
On Mon, Apr 8, 2019 at 2:49 AM <stephane.d...@orange.com> wrote:

> Hello all,
>
> There is one point that isn’t clear to me. When sending data into Metron, are all the events all indexed sent to Elastic and / or HDFS, or only the events that trigger a triage rule?
>
> For now I’m trying to send some FW logs in Metron, I feed a Kafka topic with Nifi, I can see that the topic has data thanks to Kafka CLI, but nothing more happens after I’ve configured a new source from UI management…
>
> Stéphane