[GitHub] metron issue #1184: METRON-1761, allow application of grok statement multipl...
Github user lvets commented on the issue: https://github.com/apache/metron/pull/1184 So I talked @ottobackwards into initially adding this feature ð The reason I asked for this improvement is that have a bunch of log files which contain a relevant entry per line. I currently have to rely on 3rdparty tools to split these logfiles into messages (where 1 log line == 1 message) before sending them to Metron. I was hoping to just ingest the log and Metron would take care of this. To me, relying on 3rdparty tools for what I assume to be a normal use case for a SIEM seems a bit strange. ---
[GitHub] metron issue #754: METRON-1184 EC2 Deployment - Updating control_path to acc...
Github user lvets commented on the issue: https://github.com/apache/metron/pull/754 This works for me on an Ubuntu 16.04 host. ---
[GitHub] metron issue #754: METRON-1184 EC2 Deployment - Updating control_path to acc...
Github user lvets commented on the issue: https://github.com/apache/metron/pull/754 Sorry about this, testing it now. ---
[GitHub] metron issue #684: DO NOT MERGE: METRON-1086: Create a Blockly-based user in...
Github user lvets commented on the issue: https://github.com/apache/metron/pull/684 I can help out with testing wherever possible. This is a very cool feature... ---
[GitHub] metron issue #754: METRON-1184 EC2 Deployment - Updating control_path to acc...
Github user lvets commented on the issue: https://github.com/apache/metron/pull/754 @ottobackwards I will try this out this week. ---
[GitHub] metron issue #916: METRON-1434 - Ability to deploy Metron full dev as a sing...
Github user lvets commented on the issue: https://github.com/apache/metron/pull/916 @nickwallen, @ottobackwards , my 0.02$ :) > For example, with everything in Metron today, you can stand-up a single node in AWS and use the Mpack to install Metron. It is not as "push button" simple as your contribution here, but it is "good enough" considering the resources we have in the community today. Unfortunately, "push button" style setup is what most people want nowadays want to quickly set up a test environment and start playing around. I do understand that supporting different installation methods (including mine :p) adds a burden, but I think it is a burden we have to bear until Metron grows bigger. > We should also consider that running Metron on a single node is a recipe for a horrible user experience. It should only be run on a single node for development purposes, which is something that we already do support. I would not recommend that anyone run Metron on a single node for any other purpose. That's why AWS has a bunch of different VM types :) Maybe we should add a big fat warning somewhere saying "Your experience will be very bad if you not use at least an m5.4xlarge instance if you're going the single node way." I think having quick & easy ways to setup Metron on a single node to play around is necessary until the Metron community grows... Anyway, back to lurking mode for now. ---
