[
https://issues.apache.org/jira/browse/METRON-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16550932#comment-16550932
]
Casey Stella commented on METRON-1453:
--------------------------------------
I'll also chime in that there are use-cases where the downstream enveloped
messages might have multiple parsers pulling from the same kafka topic (e.g. 1
parser sending data to enrichments, 1 parser sending different data to hbase as
a streaming enrichment).
> Create a Generic Syslog Base Parser Capability
> ----------------------------------------------
>
> Key: METRON-1453
> URL: https://issues.apache.org/jira/browse/METRON-1453
> Project: Metron
> Issue Type: New Feature
> Reporter: Otto Fowler
> Assignee: Otto Fowler
> Priority: Major
>
> We have several parsers now, with many imaginable that are based on syslog,
> where the format is SYSLOG HEADER MESSAGE.
> With message being in a different format. It would be great is we
> had a way to generically handle syslog headers, such that ANY parser data
> could come over syslog.
> Either you could have a custom parser, or configure CSV or JSON such that
> they could be the payload, such that you can handle JSON over syslog by
> configuration only.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
