[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-08 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16356838#comment-16356838
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user simonellistonball commented on the issue:

https://github.com/apache/metron/pull/922
  
@cestella much neater. Thank you! I'll put my data schema OCD away now.


> Create complementary Solr schemas for the main sensors
> ------------------------------------------------------
>
> Key: METRON-1441
> URL: https://issues.apache.org/jira/browse/METRON-1441
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
> Priority: Major
>
> We have ES templates for bro, snort, yaf, and error; we need corresponding
> Solr schemas for these collections.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-08 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16356835#comment-16356835
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user simonellistonball commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r166908797
  
--- Diff: 
metron-platform/metron-solr/src/main/config/schema/error/solrconfig.xml ---
@@ -0,0 +1,1601 @@
+
--- End diff --
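
Review bot: The `@@ -0,0 +1,1601 @@` header shows a 1,601-line solrconfig.xml being added for the error collection with no statement of where it came from. Record its origin (which Solr release's config it was copied from, and what was changed) in a comment at the top of the file, and trim it to the request handlers and components the error collection actually uses, so the diff against the upstream config stays reviewable.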

Is this just basic stock Solr? The /browse endpoint configs seem like they 
come from the tutorial sample, and could be misleading, for example.




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-07 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355666#comment-16355666
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella closed the pull request at:

https://github.com/apache/metron/pull/922




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-06 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16354193#comment-16354193
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on the issue:

https://github.com/apache/metron/pull/922
  
@simonellistonball Yes, we should.  I added the relevant context and 
grouping for each of the schemas that we ship by default.  Bro has more context 
as there were more comments in the ES schema.  I brought over whatever comments 
were relevant and grouped appropriately and as best I could in the others.

Let me know if I missed anything.





[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-06 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353996#comment-16353996
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user simonellistonball commented on the issue:

https://github.com/apache/metron/pull/922
  
Should we tidy up the ordering of the schema files for better legibility 
(uniquekey next to the field, dynamic catch alls in a consistent location, some 
semantic ordering of the key elements)?




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-06 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353987#comment-16353987
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user merrimanr commented on the issue:

https://github.com/apache/metron/pull/922
  
Looks good to me.  +1




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-06 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353938#comment-16353938
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on the issue:

https://github.com/apache/metron/pull/922
  
Ugh, sorry, missed the guid field.  *now* it's ready to test with guid 
field set up.




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-05 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16352970#comment-16352970
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user merrimanr commented on the issue:

https://github.com/apache/metron/pull/922
  
I would say a collection for each parser and an error collection.  It's 
similar to ES templates where we define fields, types, etc.




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-05 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16352968#comment-16352968
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user ottobackwards commented on the issue:

https://github.com/apache/metron/pull/922
  
So, the idea is that we have a 'core' for each parser?  And for errors?




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16351037#comment-16351037
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user merrimanr commented on the issue:

https://github.com/apache/metron/pull/922
  
I tested this in full dev using the install script in 
https://github.com/apache/metron/pull/918.  I was able to create collections 
for each schema except for "error".  For that to work properly, I had to: 

- remove `docValues="true"` from the "bytes" field type
- add the "guid" field used in other schemas

Still working on indexing data into these collections but so far so good.



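The two fixes merrimanr lists above (dropping `docValues="true"` from the "bytes" field type and adding the "guid" field) can be caught before a collection is created. The lint below is an added example, not part of the thread or of Metron's code. The sample schema and its field names, the backing of "bytes" by `solr.BinaryField`, and the rule that `guid` is both required and the uniqueKey are assumptions made for illustration.

```python
"""Pre-flight lint for a Solr schema file (added example, not Metron code)."""
import xml.etree.ElementTree as ET

# ASSUMPTION: field-type classes that do not accept docValues="true" in the
# Solr version under test. The thread only says the "bytes" type had to drop
# the attribute; backing "bytes" with solr.BinaryField is this example's guess.
NO_DOCVALUES_CLASSES = frozenset({"solr.BinaryField"})

# ASSUMPTION: fields every collection must declare. The thread names "guid".
REQUIRED_FIELDS = ("guid",)

# Constructed sample (field names invented) with the two defects reported
# for the "error" schema: docValues on "bytes" and no "guid" field.
BROKEN_ERROR_SCHEMA = """
<schema name="error_doc" version="1.6">
  <field name="error_hash" type="string" indexed="true" stored="true"/>
  <field name="raw_message_bytes" type="bytes" indexed="false" stored="true"/>
  <dynamicField name="*" type="ignored" multiValued="false"/>
  <uniqueKey>guid</uniqueKey>
  <fieldType name="string" class="solr.StrField" sortMissingLast="true"/>
  <fieldType name="bytes" class="solr.BinaryField" docValues="true"/>
  <fieldType name="ignored" class="solr.StrField" indexed="false" stored="false"/>
</schema>
"""


def _is_true(value):
    """Interpret an XML attribute value as a boolean flag."""
    return value is not None and value.strip().lower() == "true"


def lint_schema(xml_text, required_fields=REQUIRED_FIELDS,
                no_docvalues=NO_DOCVALUES_CLASSES):
    """Return a list of (code, subject) findings; an empty list means clean.

    Intended for schema files from your own repository. ElementTree does not
    defend against entity-expansion attacks, so do not feed it untrusted XML.
    """
    root = ET.fromstring(xml_text)
    types = {t.get("name"): t for t in root.iter("fieldType")}
    fields = {f.get("name"): f for f in root.iter("field")}
    declared = list(fields.values()) + list(root.iter("dynamicField"))
    findings = []

    # Check 1: docValues enabled on a class that does not support it, either
    # on the fieldType itself or as a per-field override.
    for name in sorted(types):
        t = types[name]
        if t.get("class") in no_docvalues and _is_true(t.get("docValues")):
            findings.append(("docvalues-unsupported", f"fieldType:{name}"))
    for f in declared:
        t = types.get(f.get("type"))
        if t is None:
            findings.append(("undeclared-type", f"field:{f.get('name')}"))
        elif t.get("class") in no_docvalues and _is_true(f.get("docValues")):
            findings.append(("docvalues-unsupported", f"field:{f.get('name')}"))

    # Check 2: the uniqueKey must name an explicitly declared field
    # (this lint's policy; a dynamicField match is not accepted).
    unique_key = (root.findtext("uniqueKey") or "").strip()
    if not unique_key:
        findings.append(("uniquekey-missing", ""))
    elif unique_key not in fields:
        findings.append(("uniquekey-undeclared", unique_key))

    # Check 3: fields shared by all collections must be present.
    for name in required_fields:
        if name not in fields:
            findings.append(("required-field-missing", name))
    return findings


if __name__ == "__main__":
    for code, subject in lint_schema(BROKEN_ERROR_SCHEMA):
        print(f"{code}: {subject}")
```

Run over each schema directory in CI, a non-empty result fails the build before anyone tries to create the collection.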

[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350983#comment-16350983
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on the issue:

https://github.com/apache/metron/pull/922
  
Ok, I did the following:
* Augmented the readme to point to the Solr documentation around schemas.  
Keep in mind, this is intermediate work that will feed into the "install Solr" 
work
* Added yaf and error schemas
* Renamed the test to an integration test
* Moved the data from multiline to separate files




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350714#comment-16350714
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r165711148
  
--- Diff: 
metron-platform/metron-solr/src/test/java/org/apache/metron/solr/schema/SchemaTranslatorTest.java
 ---
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.solr.schema;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.Iterables;
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.common.configuration.writer.WriterConfiguration;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.integration.UnableToStartException;
+import org.apache.metron.solr.integration.components.SolrComponent;
+import org.apache.metron.solr.writer.SolrWriter;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.*;
+
+public class SchemaTranslatorTest {
+
+  /**

+{"adapter.threatinteladapter.end.ts":"1517499201357","bro_timestamp":"1517499194.7338","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1517499201202","enrichmentsplitterbolt.splitter.begin.ts":"1517499201200","adapter.hostfromjsonlistadapter.end.ts":"1517499201207","adapter.geoadapter.begin.ts":"1517499201209","uid":"CUrRne3iLIxXavQtci","trans_depth":143,"protocol":"http","original_string":"HTTP
 | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:\/api\/v1\/clusters\/metron_cluster\/services\/KAFKA\/components\/KAFKA_BROKER?fields=metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesOutPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsMessagesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/KafkaController\/ActiveControllerCount[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/LeaderElectionRateAndTimeMs\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/UncleanLeaderElectionsPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaFetcherManager\/Replica-MaxLag[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/PartitionCount[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/UnderReplicatedPartitions[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/LeaderCount[1484165330,1484168930,15]=null_padding&_=1484168930776
 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:143 
host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 
(Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 Safari\/537.36 ts:1517499194.7338 
id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1517499201359","host":"node1","enrichmentjoinbolt.joiner.ts":"1517499201212","adapter.hostfromjsonlistadapter.begin.ts":"1517499201206","threatintelsplitterbolt.splitter.begin.ts":"1517499201215","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0
 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 
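
Review bot: The sample Bro record is embedded as one very long JSON line inside the Javadoc comment that opens right after `public class SchemaTranslatorTest {`, to be read through the `Multiline` import, which makes the test hard to read and to diff. Move each sample record into its own file under the test resources and load it from there; that also removes the need for `import org.adrianwalker.multilinestring.Multiline;`.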

[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350427#comment-16350427
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user ottobackwards commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r165662614
  
--- Diff: 
metron-platform/metron-solr/src/test/java/org/apache/metron/solr/schema/SchemaTranslatorTest.java
 ---
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.solr.schema;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.Iterables;
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.common.configuration.writer.WriterConfiguration;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.integration.UnableToStartException;
+import org.apache.metron.solr.integration.components.SolrComponent;
+import org.apache.metron.solr.writer.SolrWriter;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.*;
+
+public class SchemaTranslatorTest {
+
+  /**

+{"adapter.threatinteladapter.end.ts":"1517499201357","bro_timestamp":"1517499194.7338","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1517499201202","enrichmentsplitterbolt.splitter.begin.ts":"1517499201200","adapter.hostfromjsonlistadapter.end.ts":"1517499201207","adapter.geoadapter.begin.ts":"1517499201209","uid":"CUrRne3iLIxXavQtci","trans_depth":143,"protocol":"http","original_string":"HTTP
 | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:\/api\/v1\/clusters\/metron_cluster\/services\/KAFKA\/components\/KAFKA_BROKER?fields=metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesOutPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsMessagesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/KafkaController\/ActiveControllerCount[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/LeaderElectionRateAndTimeMs\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/UncleanLeaderElectionsPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaFetcherManager\/Replica-MaxLag[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/PartitionCount[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/UnderReplicatedPartitions[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/LeaderCount[1484165330,1484168930,15]=null_padding&_=1484168930776
 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:143 
host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 
(Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 Safari\/537.36 ts:1517499194.7338 
id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1517499201359","host":"node1","enrichmentjoinbolt.joiner.ts":"1517499201212","adapter.hostfromjsonlistadapter.begin.ts":"1517499201206","threatintelsplitterbolt.splitter.begin.ts":"1517499201215","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0
 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 
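
Review bot: In the embedded sample record the timing fields are quoted strings (`"adapter.threatinteladapter.end.ts":"1517499201357"`, `"bro_timestamp":"1517499194.7338"`) while `"ip_dst_port":8080` and `"trans_depth":143` are JSON numbers. The test should assert which Solr field type each of these maps to, so that a schema declaring the `.ts` fields as numeric is exercised against the quoted form it will actually receive.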

[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350386#comment-16350386
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r165656511
  
--- Diff: 
metron-platform/metron-solr/src/test/java/org/apache/metron/solr/schema/SchemaTranslatorTest.java
 ---
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.solr.schema;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.Iterables;
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.common.configuration.writer.WriterConfiguration;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.integration.UnableToStartException;
+import org.apache.metron.solr.integration.components.SolrComponent;
+import org.apache.metron.solr.writer.SolrWriter;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.*;
+
--- End diff --
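
Review bot: `import java.util.*;` at the end of the import block is the only wildcard import here; every other import is explicit. Replace it with the specific `java.util` classes the test uses so that unused or ambiguous names show up in review.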

Yes, I absolutely can.




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350392#comment-16350392
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on the issue:

https://github.com/apache/metron/pull/922
  
@ottobackwards Very likely these schema files won't stay in this spot, but 
the final resting spot won't be apparent until we figure out how to 
automatically apply the schemas.  Treat this PR as just unlocking progress for 
downstream PRs (like correcting SolrWriter to write to Solr again).




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-02 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350387#comment-16350387
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r165656636
  
--- Diff: 
metron-platform/metron-solr/src/test/java/org/apache/metron/solr/schema/SchemaTranslatorTest.java
 ---
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.solr.schema;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.Iterables;
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.common.configuration.writer.WriterConfiguration;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.integration.UnableToStartException;
+import org.apache.metron.solr.integration.components.SolrComponent;
+import org.apache.metron.solr.writer.SolrWriter;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.*;
+
+public class SchemaTranslatorTest {
+
+  /**

+{"adapter.threatinteladapter.end.ts":"1517499201357","bro_timestamp":"1517499194.7338","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1517499201202","enrichmentsplitterbolt.splitter.begin.ts":"1517499201200","adapter.hostfromjsonlistadapter.end.ts":"1517499201207","adapter.geoadapter.begin.ts":"1517499201209","uid":"CUrRne3iLIxXavQtci","trans_depth":143,"protocol":"http","original_string":"HTTP
 | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:\/api\/v1\/clusters\/metron_cluster\/services\/KAFKA\/components\/KAFKA_BROKER?fields=metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesOutPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsMessagesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/KafkaController\/ActiveControllerCount[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/LeaderElectionRateAndTimeMs\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/UncleanLeaderElectionsPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaFetcherManager\/Replica-MaxLag[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/PartitionCount[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/UnderReplicatedPartitions[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/LeaderCount[1484165330,1484168930,15]=null_padding&_=1484168930776
 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:143 
host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 
(Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 Safari\/537.36 ts:1517499194.7338 
id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1517499201359","host":"node1","enrichmentjoinbolt.joiner.ts":"1517499201212","adapter.hostfromjsonlistadapter.begin.ts":"1517499201206","threatintelsplitterbolt.splitter.begin.ts":"1517499201215","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0
 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 
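
Review bot: Many keys in the sample record contain dots (`adapter.threatinteladapter.end.ts`, `enrichmentsplitterbolt.splitter.begin.ts`, `threatinteljoinbolt.joiner.ts`). Solr's guidance is that field names use only alphanumeric and underscore characters, and names outside that set are not supported by every component, so the test should cover how these keys are matched by the schema (explicit fields or a dynamic field pattern) and confirm they can be queried back by name.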

[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-01 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16349712#comment-16349712
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user ottobackwards commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r165548986
  
--- Diff: 
metron-platform/metron-solr/src/test/java/org/apache/metron/solr/schema/SchemaTranslatorTest.java
 ---
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.solr.schema;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.Iterables;
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.common.configuration.writer.WriterConfiguration;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.integration.UnableToStartException;
+import org.apache.metron.solr.integration.components.SolrComponent;
+import org.apache.metron.solr.writer.SolrWriter;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.*;
+
--- End diff --

Shouldn't this be an integration test?




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-01 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16349711#comment-16349711
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user ottobackwards commented on a diff in the pull request:

https://github.com/apache/metron/pull/922#discussion_r165548937
  
--- Diff: 
metron-platform/metron-solr/src/test/java/org/apache/metron/solr/schema/SchemaTranslatorTest.java
 ---
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.solr.schema;
+
+import com.google.common.base.Splitter;
+import com.google.common.collect.Iterables;
+import org.adrianwalker.multilinestring.Multiline;
+import org.apache.metron.common.configuration.writer.WriterConfiguration;
+import org.apache.metron.common.utils.JSONUtils;
+import org.apache.metron.integration.UnableToStartException;
+import org.apache.metron.solr.integration.components.SolrComponent;
+import org.apache.metron.solr.writer.SolrWriter;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.*;
+
+public class SchemaTranslatorTest {
+
+  /**

+{"adapter.threatinteladapter.end.ts":"1517499201357","bro_timestamp":"1517499194.7338","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1517499201202","enrichmentsplitterbolt.splitter.begin.ts":"1517499201200","adapter.hostfromjsonlistadapter.end.ts":"1517499201207","adapter.geoadapter.begin.ts":"1517499201209","uid":"CUrRne3iLIxXavQtci","trans_depth":143,"protocol":"http","original_string":"HTTP
 | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:\/api\/v1\/clusters\/metron_cluster\/services\/KAFKA\/components\/KAFKA_BROKER?fields=metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesOutPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsMessagesInPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/KafkaController\/ActiveControllerCount[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/LeaderElectionRateAndTimeMs\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/controller\/ControllerStats\/UncleanLeaderElectionsPerSec\/1MinuteRate[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaFetcherManager\/Replica-MaxLag[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/PartitionCount[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/UnderReplicatedPartitions[1484165330,1484168930,15],metrics\/kafka\/server\/ReplicaManager\/LeaderCount[1484165330,1484168930,15]=null_padding&_=1484168930776
 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:143 
host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 
(Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 Safari\/537.36 ts:1517499194.7338 
id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1517499201359","host":"node1","enrichmentjoinbolt.joiner.ts":"1517499201212","adapter.hostfromjsonlistadapter.begin.ts":"1517499201206","threatintelsplitterbolt.splitter.begin.ts":"1517499201215","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0
 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) 
Chrome\/55.0.2883.95 
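Review bot: The imports of `org.apache.metron.integration.UnableToStartException` and `org.apache.metron.solr.integration.components.SolrComponent` indicate that `SchemaTranslatorTest` starts a Solr component. If it does, it should be named and run as an integration test rather than sit with the unit tests. Separately, the sample bro record pasted into the `/**` comment at the top of the class is one very long line containing a full captured `original_string`. Moving it to a test resource file would keep the class readable and make the fixture easier to diff when the schema changes.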

[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-01 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16349308#comment-16349308
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella closed the pull request at:

https://github.com/apache/metron/pull/921




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-01 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16349309#comment-16349309
 ] 

ASF GitHub Bot commented on METRON-1441:


GitHub user cestella opened a pull request:

https://github.com/apache/metron/pull/922

METRON-1441: Create complementary Solr schemas for the main sensors

## Contributor Comments
We have ES templates for bro, snort, yaf, and error, we need corresponding 
solr schemas for these collections.

Right now this is tested via the SchemaTranslatorTest, which spins up the 
current version of Solr, loads the schemas, writes sample data and ensures 
they come back properly. 

Note: This is an intermediate move to getting full solr support.  These 
schemas will be refined more, likely.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.  
Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron SOLR_METRON-1441

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/922.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #922


commit 6bb30af9d2005414e3ee44c0bdb0ea14540ce13c
Author: cstella 
Date:   2018-02-01T21:33:56Z

METRON-1441: Create complementary Solr schemas for the main sensors






[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-01 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16349292#comment-16349292
 ] 

ASF GitHub Bot commented on METRON-1441:


Github user cestella commented on the issue:

https://github.com/apache/metron/pull/921
  
I know that commit history looks pretty awful, but it's because I branched 
off of @merrimanr's SolrDao PR initially.  Now that PR is in the branch, so 
the comparison should be more sensible.




[jira] [Commented] (METRON-1441) Create complementary Solr schemas for the main sensors

2018-02-01 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/METRON-1441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16349275#comment-16349275
 ] 

ASF GitHub Bot commented on METRON-1441:


GitHub user cestella opened a pull request:

https://github.com/apache/metron/pull/921

METRON-1441: Create complementary Solr schemas for the main sensors

## Contributor Comments
We have ES templates for bro, snort, yaf, and error, we need corresponding 
solr schemas for these collections.

Right now this is tested via the SchemaTranslatorTest, which spins up the 
current version of Solr, loads the schemas, writes sample data and ensures 
they come back properly. 

Note: This is an intermediate move to getting full solr support.  These 
schemas will be refined more, likely.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron solr_schemas

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/921.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #921


commit c86421739f230cfc23b2a5092af53a32348dbaef
Author: merrimanr 
Date:   2018-01-24T16:35:33Z

initial commit

commit 76455986a14d12ed720a83c091616a1904ffb2b1
Author: merrimanr 
Date:   2018-01-24T19:07:46Z

initial commit

commit f996ee1a3069116cf1063e70c7d4a2b562da9b97
Author: merrimanr 
Date:   2018-01-24T19:16:15Z

Merge branch 'METRON-1429' into solr-dao

# Conflicts:
#   metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchSearchIntegrationTest.java
#   metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/SearchIntegrationTest.java

commit a29ed14c39a79ce5918212baa9b075706319e4de
Author: merrimanr 
Date:   2018-01-24T20:31:11Z

added back metaalert test data

commit 92cc5640e7cacf4cc3b4941c3bc7d559aa7b8380
Author: merrimanr 
Date:   2018-01-24T20:31:49Z

Merge branch 'METRON-1429' into solr-dao

commit 3a17b4d9d18efe4431197521124b13cb0dc4f9e3
Author: merrimanr 
Date:   2018-01-24T22:32:52Z

resolved merge conflicts

commit 5c6293dd5302cddf3f212a982fed8c2d0ec2e391
Author: merrimanr 
Date:   2018-01-24T22:33:53Z

Merge remote-tracking branch 'mirror/master' into METRON-1429

commit bb8efc16f60147ed8198604923c391c360376859
Author: merrimanr 
Date:   2018-01-24T22:49:36Z

Merge branch 'METRON-1429' into solr-dao

commit 016403323cda9959c8edcdbe0e6a6e8d7cda9340
Author: merrimanr 
Date:   2018-01-25T16:37:10Z

Merge remote-tracking branch 'mirror/master' into solr-dao

# Conflicts:
#   metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/ElasticsearchSearchIntegrationTest.java
#   metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/SearchIntegrationTest.java

commit d4c99e1521f7c638ab81d388b0cb8c55cc548561
Author: merrimanr 
Date:   2018-01-26T22:21:38Z

dao refactor and group implementation

commit 8fc77dff00a695f09ea6777aada9e23f7e89f6ee
Author: merrimanr 
Date:   2018-01-26T22:25:15Z

Merge remote-tracking