[
https://issues.apache.org/jira/browse/METRON-1559?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan Merriman deleted METRON-1559:
----------------------------------
> Create Pcap Service
> -------------------
>
> Key: METRON-1559
> URL: https://issues.apache.org/jira/browse/METRON-1559
> Project: Metron
> Issue Type: Sub-task
> Reporter: Ryan Merriman
> Priority: Major
>
> We need a service that exposes the various Pcap endpoints. These include:
> * GET /api/v1/pcap/metadata?basePath - This endpoint will return metadata of
> pcap data stored in HDFS. This would include pcap size, date ranges (how far
> back can I go), etc. It would accept an optional HDFS basePath parameter for
> cases where pcap data is stored in multiple places and/or different from the
> default location.
> * POST /api/v1/pcap/fixed - This endpoint would accept a fixed pcap request,
> submit a pcap job, and return a job id. The request would be an object
> containing the options documented here for the fixed filter:
> [https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#query-filter-utility].
> A job will be associated with a user that submits it. An exception will be
> returned for violating constraints like too many queries submitted, query
> parameters out of limits, etc. A record of the user and job id will be
> persisted to a data store so a list of a user's jobs can later be retrieved.
> * POST /api/v1/pcap/query - This endpoint would accept a query pcap request,
> submit a pcap job, and return a job id. The request would be an object
> containing the options documented here for the query filter:
> [https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#query-filter-utility].
> A job will be associated with a user that submits it. An exception will be
> returned for violating constraints like too many queries submitted, query
> parameters out of limits, etc. A record of the user and job id will be
> persisted to a data store so a list of a user's jobs can later be retrieved.
> * GET /api/v1/pcap/status/<jobId> - This endpoint will return the YARN
> status of a running/completed job.
> * GET /api/v1/pcap/stop/<jobId> - This endpoint would kill a running pcap
> job. If the job has already completed this is a noop.
> * GET /api/v1/pcap/list - This endpoint will list a user's submitted pcap
> queries. Items in the list would contain job id, status (is it finished?),
> start/end time, and number of pages.
> * GET /api/v1/pcap/pdml/<jobId>/<pageNumber> - This endpoint will return
> pcap results for the given page in pdml format
> ([https://wiki.wireshark.org/PDML]). Are there other formats we want to
> support?
> * GET /api/v1/pcap/raw/<jobId>/<pageNumber> - This endpoint will allow a
> user to download raw pcap results for the given page.
> * DELETE /api/v1/pcap/<jobId> - This endpoint will delete pcap query results.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
