[
https://issues.apache.org/jira/browse/METRON-548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15638069#comment-15638069
]
ASF GitHub Bot commented on METRON-548:
---------------------------------------
Github user mattf-horton commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/343#discussion_r86648252
--- Diff: metron-analytics/metron-profiler/README.md ---
@@ -1,16 +1,74 @@
# Metron Profiler
-The Profiler is a feature extraction mechanism that can generate a profile
describing the behavior of an entity on a network. An entity might be a
server, user, subnet or application. Once a profile has been generated defining
what normal behavior looks-like, models can be built that identify anomalous
behavior.
+The Profiler is a feature extraction mechanism that can generate a profile
describing the behavior of an entity. An entity might be a server, user,
subnet or application. Once a profile has been generated defining what normal
behavior looks-like, models can be built that identify anomalous behavior.
This is achieved by summarizing the streaming telemetry data consumed by
Metron over sliding windows. A summary statistic is applied to the data
received within a given window. Collecting this summary across many windows
results in a time series that is useful for analysis.
-## Usage
+Any field contained within a message can be used to generate a profile. A
profile can even be produced by combining fields that originate in different
data sources. A user has considerable power to transform the data used in a
profile by leveraging the Stellar language. A user only need configure the
desired profiles and ensure that the Profiler topology is running.
-Any field contained within a message can be used to generate a profile. A
profile can even be produced from combining fields that originate in different
data sources. A user has considerable power to transform the data used in a
profile by leveraging the Stellar language. A user only need configure the
desired profiles in Zookeeper and ensure that the Profiler topology is running.
+* [Getting Started](#getting-started)
+* [Creating Profiles](#creating-profiles)
+* [Configuring the Profiler](#configuring-the-profiler)
+* [Examples](#examples)
+* [Implementation](#implementation)
-### Configuration
+## Getting Started
+
+This section will describe the steps required to get your first profile
running.
+
+1. Stand-up a Metron environment. For this example, we will use the
'Quick Dev' environment. Follow the instructions included with [Quick
Dev](../../metron-deployment/vagrant/quick-dev-platform) or build your own.
+
+1. Create a table within HBase that will store the profile data. The table
name and column family must match the [Profiler's
configuration](#configuring-the-profiler).
+ ```
+ $ /usr/hdp/current/hbase-client/bin/hbase shell
+ hbase(main):001:0> create 'profiler', 'P'
+ ```
+
+1. Define the profile in a file located at
`$METRON_HOME/config/zookeeper/profiler.json`. The following JSON will create
a profile that simply counts the number of messages.
--- End diff --
Suggest edits:
following JSON -> following example JSON
number of messages -> number of messages per ip_src_addr, during each
sampling interval.
> Improve Profiler Documentation
> ------------------------------
>
> Key: METRON-548
> URL: https://issues.apache.org/jira/browse/METRON-548
> Project: Metron
> Issue Type: Improvement
> Reporter: Nick Allen
> Assignee: Nick Allen
>
> Improve the documentation to highlight how the Profiler can store any
> serializable object, not just numeric values, and how that plays nicely with
> the Stellar STATS_* package.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
