Github user cestella commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203115089
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --b
```
You should see indices created for the `cisco-5-304` and `cisco-6-302`
data with appropriate fields created for each type.
+
+# Aggregated Parsers with Parser Chaining
+Chained parsers can be run as aggregated parsers. These parsers continue
to use the sensor specific Kafka topics, and do not do internal routing to the
appropriate sensor.
+
--- End diff --
I think we should adjust, as a follow-on, ambari to accept proper CSV for
parsers. So, if you want groups you just quote the groups. E.g. let's say you
input the following: `bro,"snort,yaf"`
That would create the following topologies:
* `bro`
* `snort` and `yaf` aggregated
---
