Also, looks like this is being run on Chromium, which we don't explicitly support, but this probably should not impact the response from the REST service. REST logs would be great to attach here.
03.09.2019, 08:24, "Michael Miklavcic" <[email protected]>:
Tibor,That sounds like a bug somewhere in REST or the indexing alert logic. Can you share the full stack trace?Thanks,MikeOn Tue, Sep 3, 2019 at 5:36 AM Tibor Meller <[email protected]> wrote:Hi,I also made a quick investigation around this issue. What I found is even when I get the 500 from the server the alert entries seems properly updated after I'm refreshing the list. The error appears in 20% of bulk updates of alerts and the message says "ConcurentModificationException: ".Probably would be better to involve @mmiklavcic or @rmerriman to this.On Tue, Sep 3, 2019 at 12:25 PM Shane Ardell <[email protected]> wrote:No worries about the delay. Thanks for confirming that you're getting the same thing. Let me investigate a little more and reply shortly.On Tue, Sep 3, 2019 at 5:42 AM Rendi 7936 <[email protected]> wrote:I'm sorry, sir to reply you very late. I just moved to Splunk Project several days ago. And moved back to Apache Metron again.Yes, i can see the error. I will attach the screenshot. So, do you know how to fix this?Actually, i think it should not be happen. Because the data that displayed in Apache Metron Alert is same as ElasticSearch.Because they share same type data and field name.Is this will be fixed in upgrade to HDP 3.1 ?On Tue, Jul 30, 2019, 3:11 PM Shane Ardell <[email protected]> wrote:If I understand you correctly, your original 2 questions have been resolved after reinstalling. However, now when you change alert_status from NEW to ESCALATE, you are not seeing the status change?
When you change alert_status from NEW to ESCALATE, are you seeing a console error in your browser's dev tools like the one I included in my previous message?On Fri, Jul 26, 2019 at 12:56 PM Rendi 7936 <[email protected]> wrote:My problem in this question are1. I can not change alert_status from NEW to ESCALATE, etc.2. When i click an alert, data from alert don't show in the side panel.But, this time is different now. I have solved any of it after i fresh install HDP, HDF, and HCP.But, my another question is when i change alert_status from NEW to ESCALATE.Why is escalation topic do not running ? How make it running in Storm UI ?On Fri, Jul 26, 2019, 4:42 PM Shane Ardell <[email protected]> wrote:Could you explain how it's not working for you? Is the button not opening a dropdown menu for you to select from? Or are you able to select an alert status from the dropdown but you do not see a change in status? The buttons itself seems to work fine for me using the latest from the master branch and testing on full dev.
On a related note, while it seems I'm able to update individual alert status alright, I noticed that I'm intermittently getting a 500 error back from the server when I try to batch apply an alert status change with the ACTIONS button. Is this what you're running into? Here's what my dev tools console looks like when this failure happens.On Thu, Jul 25, 2019 at 9:02 PM Michael Miklavcic <[email protected]> wrote:I don't have the UI up currently. Can Tibor, Shane, or Tamas provide any comment on this?On Wed, Jul 24, 2019 at 9:54 PM Rendi 7936 <[email protected]> wrote:Good morning,
Hi there,
I have implemented Apache Metron 0.7.1 with Hortonworks Cyber Security
Platform. My state now, i can display alert with a score in Alert UI.
But, there are something fishy here. ACTIONS button in Alert UI is not
working, even i click it after selected some alert. At first, i think
Alert UI is still development process, so i do not think it too much.
But, after i see video about Alert UI in youtube (
https://youtu.be/9qjAmoWfEVc ). I know i was wrong. Alert UI is
working, so please can you help me what is going on happen here ?
And is escalation topic is not started by default when Apache Metron start ?
Thanks for your time for helping me out
Best regards,
Rendiyono Wahyu Saputro
On Fri, Jul 26, 2019, 4:42 PM Shane Ardell <[email protected]> wrote:Could you explain how it's not working for you? Is the button not opening a dropdown menu for you to select from? Or are you able to select an alert status from the dropdown but you do not see a change in status? The buttons itself seems to work fine for me using the latest from the master branch and testing on full dev.
On a related note, while it seems I'm able to update individual alert status alright, I noticed that I'm intermittently getting a 500 error back from the server when I try to batch apply an alert status change with the ACTIONS button. Is this what you're running into? Here's what my dev tools console looks like when this failure happens.On Thu, Jul 25, 2019 at 9:02 PM Michael Miklavcic <[email protected]> wrote:I don't have the UI up currently. Can Tibor, Shane, or Tamas provide any comment on this?On Wed, Jul 24, 2019 at 9:54 PM Rendi 7936 <[email protected]> wrote:Good morning,
Hi there,
I have implemented Apache Metron 0.7.1 with Hortonworks Cyber Security
Platform. My state now, i can display alert with a score in Alert UI.
But, there are something fishy here. ACTIONS button in Alert UI is not
working, even i click it after selected some alert. At first, i think
Alert UI is still development process, so i do not think it too much.
But, after i see video about Alert UI in youtube (
https://youtu.be/9qjAmoWfEVc ). I know i was wrong. Alert UI is
working, so please can you help me what is going on happen here ?
And is escalation topic is not started by default when Apache Metron start ?
Thanks for your time for helping me out
Best regards,
Rendiyono Wahyu Saputro
-------------------
Thank you,
James Sirota
PMC- Apache Metron
jsirota AT apache DOT org
