Github user DomenicPuzio commented on the pull request:
https://github.com/apache/incubator-metron/pull/115#issuecomment-218462405
@cestella, thank you so much for the feedback! I will get to work on fixing
the 'websphere.json' file that was causing some failed tests. I agree that a
negative case in the test class is a really good call.
@merrimanr, I agree that there is a good amount of overlap between this
parser and the GrokParser class. There was some custom behavior needed to
handle different log types, so I used GrokAsaParser (which also extends
BasicParser) as a model. Off the top of my head, there are several sources that
have different log types within a single source - Infoblox DNS, Checkpoint
Firewall, Big IP VPN - so we should determine a strategy to address those. I
like your idea of making the GrokParser more flexible so that we can easily
extend it and add custom behavior for sources like WebSphere. Is this something
that I should work to address in this PR or in a future refactoring? Either
way, I am more than happy to work on that!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
