[jira] [Commented] (METRON-1494) Profiler Emits Messages to Kafka When Not Needed

Sat, 07 Apr 2018 11:13:24 -0700 

    [ 
https://issues.apache.org/jira/browse/METRON-1494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16429490#comment-16429490
 ] 

ASF GitHub Bot commented on METRON-1494:
----------------------------------------

Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/metron/pull/967#discussion_r179923960
  
    --- Diff: 
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaEmitter.java
 ---
    @@ -58,19 +61,48 @@ public void declareOutputFields(OutputFieldsDeclarer 
declarer) {
       @Override
       public void emit(ProfileMeasurement measurement, OutputCollector 
collector) {
     
    -    JSONObject message = new JSONObject();
    -    message.put("profile", measurement.getDefinition().getProfile());
    -    message.put("entity", measurement.getEntity());
    -    message.put("period", measurement.getPeriod().getPeriod());
    -    message.put("period.start", 
measurement.getPeriod().getStartTimeMillis());
    -    message.put("period.end", measurement.getPeriod().getEndTimeMillis());
    -    message.put("timestamp", System.currentTimeMillis());
    -    message.put("source.type", sourceType);
    -    message.put("is_alert", "true");
    +    // only need to emit, if there are triage values
    +    Map<String, Object> triageValues = measurement.getTriageValues();
    +    if(MapUtils.isNotEmpty(triageValues)) {
    --- End diff --
    
    This is the core of the fix.  We only need to emit if there are triage 
values.


> Profiler Emits Messages to Kafka When Not Needed
> ------------------------------------------------
>
>                 Key: METRON-1494
>                 URL: https://issues.apache.org/jira/browse/METRON-1494
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.2
>            Reporter: Nick Allen
>            Assignee: Nick Allen
>            Priority: Major
>             Fix For: Next + 1
>
>
> Using the 'result/triage' expression allows you to send profile data to 
> Kafka.  This allows you to leverage the Threat Triage functionality against 
> data coming out of the Profiler.
> If there is no 'result/triage' expression, then nothing should be sent to 
> Kafka.  Currently, a message containing some data, but no actual profile 
> value, is sent to Kafka.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to