Github user cestella commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/208#discussion_r75317251
--- Diff: metron-analytics/metron-profiler/README.md ---
@@ -0,0 +1,229 @@
+# Metron Profiler
+
+The Profiler is a feature extraction mechanism that can generate a profile
describing the behavior of an entity on a network. An entity might be a
server, user, subnet or application. Once a profile has been generated defining
what normal behavior looks-like, models can be built that identify anomalous
behavior.
+
+This is achieved by summarizing the streaming telemetry data consumed by
Metron over sliding windows. A summary statistic is applied to the data
received within a given window. Collecting this summary across many windows
results in a time series that is useful for analysis.
+
+## Usage
+
+Any field contained within a message can be used to generate a profile. A
profile can even be produced from combining fields that originate in different
data sources. A user has considerable power to transform the data used in a
profile by leveraging the Stellar language. A user only need configure the
desired profiles in Zookeeper and ensure that the Profiler topology is running.
+
+### Configuration
+
+The Profiler configuration requires a JSON-formatted set of elements, many
of which can contain Stellar code. The configuration contains the following
elements.
+
+* `profile` A unique name identifying the profile.
+* `foreach` A separate profile is maintained for each of these. This is
effectively the entity that the profile is describing. For example, if
`ip_src_addr` then a separate profile would be maintained for each unique IP
source address.
--- End diff --
Should we indicate that these are stellar statements and link to the
language ref in metron-common's README?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
