Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/1000
I tested this in full dev and the results were somewhat inconsistent. I
listened on the enrichments topic with the kafka-console-consumer tool in one
window:
```
/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh -z node1:2181
--topic enrichments
```
While repeatedly running this command in another:
```
KAFKA_FIND('enrichments', m -> MAP_GET('source.type', m) == 'snort')
```
About 25-50% of the time the Stellar shell returned `[]` and the other
times it would return a snort message as expected.
How long will this command listen until it times out (or is it based on
number of messages read)? Sometimes it returned an empty array immediately.
Is this configurable?
---
