GitHub user mmiklavc opened a pull request:
https://github.com/apache/incubator-metron/pull/156
METRON-235 Expose filtering capability for PCAP via CLI tool
In the process of testing with Vagrant, but wanted to get this in front of
people for review.
Relevant Jira:
https://issues.apache.org/jira/browse/METRON-235
In the process of upgrading to Kibana 4, we lost our about to query/filter
pcap results. This PR exposes the 2 methods for filtering PCAP data, fixed
parameters and the "Stellar" query language, via a command line tool. The tool
is executed via ${metron_home}/bin/pcap_query.sh
**Note**: I also tweaked the mem settings for Ambari mapreduce to get
around persistent OOO errors - mapreduce container sizes (mapreduce.[map |
reduce].memory.mb) have been increased to 1.2 GiB, mapreduce.[map |
reduce].java.opts have been increased to 1 GiB.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mmiklavc/incubator-metron METRON-235
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-metron/pull/156.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #156
----
commit 9d0b83febcd7b8f7e43fdf114a99770436415cf3
Author: Michael Miklavcic <[email protected]>
Date: 2016-06-16T20:18:10Z
METRON-235 Expose filtering capability for PCAP via CLI tool
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
