It sounds like you might have some issues with Elasticsearch templates. See here for more detail - https://github.com/apache/metron/tree/master/metron-platform/metron-elasticsearch/metron-elasticsearch-common
On Wed, Nov 6, 2019 at 8:25 AM Hema malini <[email protected]> wrote:
> Hi all,
>
> I pushed data to Elasticsearch indices from CSV. Log data has been parsed to CSV using a customized parser, and I am trying to view it in Metron Alerts and apply machine learning on top of that log data (MaaS). I pushed bro, snort and yaf logs to Metron. When I tried to push syslog in syslog 5424 format, I was able to see those logs getting indexed in Elasticsearch, and they are present in HDFS as well, but I couldn't view those system logs in the Metron Alerts UI, and in Kibana also I am not able to get indexes like *syslog5424, though the index has been created. So I created an index with the * pattern.
>
> How do I view syslog and custom-parsed logs in CSV in Metron Alerts? What should be configured for data in Elasticsearch to be sent to the Metron Alerts UI and for MaaS as well? Can someone please help?
>
> Thanks and Regards,
> Hema
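Since the reply points at index templates, here is an added, offline example (not code from the thread or from the Metron project) of the two things worth checking when a sensor index is written to but never shows up in the Alerts UI: whether any template's index pattern actually matches the index name Metron produces, and whether that template maps the fields the UI depends on. It assumes Metron's `<sensor>_index_<timestamp>` naming convention and assumes `timestamp` (date), `source:type` and `guid` (keyword) are the required fields; the sample templates are constructed, and in practice you would feed it the output of `GET _template` from your cluster.

```python
"""Offline check that an Elasticsearch index template covers a Metron sensor index
and carries the field mappings the Metron Alerts UI relies on."""
import fnmatch


# Fields assumed (from the metron-elasticsearch docs) to be required in every
# sensor index. Verify against your Metron version before treating a mismatch
# as an error.
REQUIRED_FIELDS = {"timestamp": "date", "source:type": "keyword", "guid": "keyword"}


def template_patterns(template):
    """Return a template's index patterns in either the ES 5.x
    ("template": "x*") or the ES 6.x+ ("index_patterns": [...]) form."""
    if "index_patterns" in template:
        return list(template["index_patterns"])
    if "template" in template:
        return [template["template"]]
    return []


def template_properties(template):
    """Return the field -> mapping dict, whether or not the mappings are nested
    under a document type name (ES 5.x style "<sensor>_doc")."""
    mappings = template.get("mappings", {})
    if "properties" in mappings:
        return mappings["properties"]
    for body in mappings.values():
        if isinstance(body, dict) and "properties" in body:
            return body["properties"]
    return {}


def templates_covering(index_name, templates):
    """Names of templates whose patterns match index_name (ES wildcard semantics)."""
    return sorted(
        name for name, body in templates.items()
        if any(fnmatch.fnmatchcase(index_name, p) for p in template_patterns(body))
    )


def mapping_problems(template):
    """Required fields that are missing or mapped to an unexpected type."""
    props = template_properties(template)
    problems = {}
    for field, expected in REQUIRED_FIELDS.items():
        actual = props.get(field, {}).get("type")
        if actual is None:
            problems[field] = "missing"
        elif actual != expected:
            problems[field] = "type is %s, expected %s" % (actual, expected)
    return problems


def diagnose(index_name, templates):
    """Explain why an index may be written to but invisible to the Alerts UI."""
    covering = templates_covering(index_name, templates)
    return {
        "index": index_name,
        "covered_by": covering,
        "problems": {name: mapping_problems(templates[name]) for name in covering},
    }


# Constructed sample templates (hypothetical; not taken from the list post).
# Metron names sensor indices "<sensor>_index_<timestamp>", e.g. bro_index_2019.11.06.08.
SAMPLE_TEMPLATES = {
    "bro_index": {
        "template": "bro_index*",
        "mappings": {"bro_doc": {"properties": {
            "timestamp": {"type": "date", "format": "epoch_millis"},
            "source:type": {"type": "keyword"},
            "guid": {"type": "keyword"},
        }}},
    },
    # A syslog template that exists but only maps timestamp, and as "text".
    "syslog5424_index": {
        "index_patterns": ["syslog5424_index*"],
        "mappings": {"properties": {"timestamp": {"type": "text"}}},
    },
}


if __name__ == "__main__":
    for index in ("bro_index_2019.11.06.08",
                  "syslog5424_index_2019.11.06.08",
                  "csvlogs_index_2019.11.06.08"):
        print(diagnose(index, SAMPLE_TEMPLATES))
```

For the constructed data this reports the bro index as covered with no problems, the syslog index as covered by a template whose `timestamp` is `text` and which lacks `source:type` and `guid`, and the CSV-sourced index as covered by no template at all; the last two are the cases where documents land in Elasticsearch and HDFS but the Alerts UI and a Kibana index pattern cannot make sense of them.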
