Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r159330127
--- Diff: metron-deployment/README.md ---
@@ -15,178 +15,134 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
See
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r159322553
--- Diff: metron-deployment/README.md ---
@@ -15,178 +15,134 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied.
See
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r159317149
--- Diff: metron-deployment/packaging/ambari/metron-mpack/README.md ---
@@ -0,0 +1,94 @@
+
+
+This provides a Management Pack (MPack
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r159316935
--- Diff: metron-deployment/packaging/ambari/metron-mpack/README.md ---
@@ -0,0 +1,94 @@
+
+
+This provides a Management Pack (MPack
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r159273549
--- Diff: pom.xml ---
@@ -159,7 +159,7 @@
${global_surefire_version
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r159266301
--- Diff:
metron-deployment/other-examples/manual-install/Manual_Install_CentOS6.md ---
@@ -441,7 +441,7 @@ Client
- Kibana:
* Set
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r159268214
--- Diff: metron-deployment/README.md ---
@@ -1,175 +1,129 @@
-# Overview
-This set of playbooks can be used to deploy an Ambari-managed Hadoop
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r159265938
--- Diff: metron-deployment/README.md ---
@@ -1,3 +1,16 @@
+# Metron Deployment
--- End diff --
As a heads up, #883 is in now, so
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/885
I'm +1 by inspection, since Nick built the code base. Thanks for taking
care of this!
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r159246961
--- Diff: metron-deployment/README.md ---
@@ -1,175 +1,129 @@
-# Overview
-This set of playbooks can be used to deploy an Ambari-managed Hadoop
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/883
@nickwallen @ottobackwards I'm going to (possibly annoyingly) ping again
and use the excuse that the holidays are over.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/857
@merrimanr @mmiklavc @iraghumitra What are the next steps towards being
able to have this stable? It sounds like there was some playing around with
versions, and that there may be some more
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/789
@DimDroll Is this still relevant with Mike's comment about #791?
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/786
@merrimanr Can you deconflict this? This is otherwise ready for review,
but it just needs to happen, right?
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/622
@nickwallen I haven't been following this discussion, but it seems like a
useful feature / enhancement that's been hanging out awhile after active
discussion petered out. What are the next steps
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/869
@nickwallen Thanks for adding that. I'm good with it.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/883
@JonZeolla Yes, I did. No idea what I was thinking, in all honesty.
@nickwallen You're the actual person I wanted here.
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/785#discussion_r159122619
--- Diff: metron-platform/metron-parsers/3rdPartyParser.md ---
@@ -0,0 +1,306 @@
+# Custom Metron Parsers
--- End diff --
Not sure what
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r159122591
--- Diff: metron-deployment/README.md ---
@@ -1,3 +1,16 @@
+# Metron Deployment
--- End diff --
Can you please add the license header
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/865
Given that this is a feature branch, I'm sure master will be merged in, but
as a reminder, markdown file headers will be enforced by rat relatively soon
(so any new markdown files in here
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/882#discussion_r159122512
--- Diff: use-cases/typosquat_detection/README.md ---
@@ -0,0 +1,431 @@
+# Problem Statement
--- End diff --
Can you please add
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/884#discussion_r159122504
--- Diff: metron-stellar/stellar-zeppelin/README.md ---
@@ -0,0 +1,85 @@
+# Stellar Interpreter for Apache Zeppelin
+
+[Apache Zeppelin](https
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/883
@ottobackwards @JonZeolla Merged in master and added header to new markdown
file (the deb deployment one). Once you two are satisfied with the new commit,
and I've run through the outstanding
GitHub user justinleet opened a pull request:
https://github.com/apache/metron/pull/883
METRON-1381: Add Apache license to MD files and remove the Rat exclusion
Added an HTML comment license header to all the MD files. Removed the RAT
exclusion for MD files, so we make sure to do
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/881
@ottobackwards I think you're right, we should have the header in the MD
files. I looked back at the discussion you kicked off, the general agreement
was that we should, but we didn't follow up
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/881#discussion_r158571805
--- Diff: CONTRIBUTING.md ---
@@ -0,0 +1,27 @@
+# How To Contribute
+As an open source project, Metron welcomes contributions of all forms
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/881#discussion_r158571753
--- Diff: CONTRIBUTING.md ---
@@ -0,0 +1,27 @@
+# How To Contribute
+As an open source project, Metron welcomes contributions of all forms
GitHub user justinleet opened a pull request:
https://github.com/apache/metron/pull/881
METRON-1071: Create CONTRIBUTING.md
## Contributor Comments
Totally forgot I'd been sitting on a half done version of this. It's
basically a stripped down version of the Development
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r157540768
--- Diff: metron-platform/metron-elasticsearch/README.md ---
@@ -33,7 +42,217 @@ For instance, an `es.date.format` of `.MM.dd.HH`
would have
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r157540388
--- Diff: metron-platform/metron-elasticsearch/README.md ---
@@ -1,5 +1,14 @@
# Elasticsearch in Metron
+## Table of Contents
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/869#discussion_r157238284
--- Diff: metron-deployment/README.md ---
@@ -1,175 +1,127 @@
-# Overview
-This set of playbooks can be used to deploy an Ambari-managed Hadoop
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/867
@ottobackwards Left a comment on the ticket you made:
https://issues.apache.org/jira/browse/METRON-1361?focusedCommentId=16291159&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/866
I'm +1 by inspection, given that @ottobackwards ran it up successfully.
Good job!
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/866
@ottobackwards Nope, at least I don't. I assume you're not on a Mac,
because I don't believe cowsay is installed by default on them. Hilariously, I
just installed it via homebrew though.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/866
Yeah, sorry, I wasn't clear, my log sample is prior to this PR
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/866
@ottobackwards Yes, I think you'd see it twice, looking at my logs
```
2017-12-11 09:50:06,120 p=15256 u=jleet | TASK [metron-builder : Build
Metron
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/858
@merrimanr Is it worth having a new discuss thread where you lay out what
you've done, where you expect this to end, and what (if any) work that would be
nice to have but isn't essential
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/857
I've hit the same intermittent errors trying this, e.g.
```
[INFO] - Failed: unknown error: Element ... is not clickable at point
(1279, 95). Other element would receive
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/858
I think getting the feature branch set up was a great first step, so thanks
for setting that up, @merrimanr.
I agree with @ottobackwards, that we need a discussion on what the next
steps
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/858
I agree with @cestella (and this might spill over into a discuss thread as
@ottobackwards mentioned). Maintaining both anything over other than short,
short term is going to be a nightmare
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/858
@merrimanr Did you look into what migrating our non-e2e tests integration
tests would involve? I think for a POC, it's important to get a sense of how
we'd be able to unify the infrastructure
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/854
Casey and I investigated this previously during one of the times we were
running into the upper time limit.
The main reason we ultimately chose not to do this was because we share
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/823
+1, I'm set
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/857
I haven't looked at the code yet, but I was able to pull this down and run
the e2e tests repeatedly without failures, so this is definitely great stuff.
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/823#discussion_r153919356
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/OrdinalFunctions.java
---
@@ -0,0 +1,93
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/823#discussion_r153899916
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/OrdinalFunctions.java
---
@@ -0,0 +1,93
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/852
Looks like @merrimanr commented on the email thread, so I'll copy it here
for posterity.
> I wrote the ReadMeUtils class a long time ago as a way to make documenting
the R
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/852
Glancing briefly, it looks like `ReadMeUtils` uses it as a template for the
metron-rest README.md. Just running the main in there overwrites the
metron-rest README.md. Which seems very odd
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/803
I agree. I'm fine with going ahead with this, but I'd like to see end to
end stability being addressed as the next UI priority, which I believe
@iraghumitra is already doing some work
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/840#discussion_r153289006
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/snort_index.template
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/803
@nickwallen I agree, unless I'm missing something, it seems like a bug with
recent searches, since you didn't say searches were weird during the initial
attempts.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/803
@nickwallen I haven't been able to get into the same sort of state, but I
know you've used/tested the UI more than me. Do you know a repeatable way to
reproduce this? Or have you been able
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/803#discussion_r152310478
--- Diff:
metron-interface/metron-alerts/e2e/alerts-list/meta-alerts/meta-alert.po.ts ---
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/845
+1 by inspection, assuming @ottobackwards is good.
Thanks for expanding the comments out, it's definitely helpful.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/845
Could we also add the threat score to the metaalert template, to match the
other templates?
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/845#discussion_r152075990
--- Diff:
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
---
@@ -614,8 +625,15
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/803
@iraghumitra looks like the new API isn't being used quite right.
Sample from the dev tools
```
{
"alerts": [
{
"guid": "
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/832
Spun this up on full dev, and saw that sorting worked as expected in the
UI. This worked both when no groupings were selected and also when drilling
down (e.g. grouping by ip_dst_addr
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/827
Great, thanks for the update. +1
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/827
@nickwallen The parameter name is preexisting and I'm fine with leaving
that. Would you be okay with changing the descriptions in the README and
annotations? That should be a nonintrusive
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/827
I ran a request giving sensors:
```
curl -X POST --header 'Content-Type: application/json' --header 'Accept:
application/json' -d '["snort", "bro"]'
'http://node
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/827
I tried hitting the `/api/v1/search/column/metadata` endpoint on fulldev
with `["madeupindex"]`; e.g.
curl -X POST --header 'Content-Type: application/json' --header 'Accept:
a
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/825
@nickwallen https://github.com/apache/metron/pull/842
@merrimanr If you're good with that PR, feel free to close this one.
---
GitHub user justinleet opened a pull request:
https://github.com/apache/metron/pull/842
METRON-1290: Only first 10 alerts are update when a MetaAlert status is
changed to inactive
## Contributor Comments
This PR supersedes https://github.com/apache/metron/pull/825. The fix
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/825
@nickwallen I'm about to open a PR with an updated integration test. We
should be able to close this one, since the changes here aren't relevant
anymore.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/825
@merrimanr This is already taken care of by the various refactoring in
https://github.com/apache/metron/pull/824, right? Can you close this (and the
associated jira) if that's accurate?
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
+1, looks good. Thanks for all the work on the supplemental fixes. Feel
free to skip attribution on the testing PR.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
Code-wise, I'm pretty good at this point. Once the docs come in, I'll give
them a once-over and hopefully we're good to go soon.
Thanks a lot for the hard work here!
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
## Patch neither alert nor status
Create a metaalert and get the GUID for the following steps.
### Patch in new field
```
/api/v1/update/patch
curl -X PATCH --header
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
## Patch alert and status
Create a metaalert and get the GUID for the following steps.
### Attempt to update status field
```
/api/v1/update/patch
curl -X PATCH
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
## Create meta alert with more than 10 alerts
### Find more than 10 alerts
```
/api/v1/search/search
curl -X POST --header 'Content-Type: application/json
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
## Changing Metaalert status
### Find two alerts
```
/api/v1/search/search
curl -X POST --header 'Content-Type: application/json' --header 'Accept:
application/json' -d
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
## Removing alerts and removing an already removed alert
### Find two alerts
```
/api/v1/search/search
curl -X POST --header 'Content-Type: application/json' --header
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
## Adding alerts and adding a preexisting alert
### Find two alerts
```
/api/v1/search/search
curl -X POST --header 'Content-Type: application/json' --header 'Accept
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r151203066
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/MetaAlertController.java
---
@@ -60,5 +63,37 @@
) throws
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
Double check me on that logic though. I could definitely be masking an off
by one error there.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
@merrimanr I'm okay with excluding metaalerts (although I need to review
what you did there). I wouldn't expect it to go down by two though.
Say I have two matches, I put one
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
@iraghumitra I'm unable to duplicate the grouping on the current code
(although I admittedly ran through a pretty basic example). Here's what I did,
so let me know if I missed something, or you
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r150892216
--- Diff:
metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/HBaseDao.java
---
@@ -135,8 +138,9 @@ private Document
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r150872247
--- Diff:
metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/HBaseDao.java
---
@@ -135,8 +138,9 @@ private Document
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
@iraghumitra Do you have the specific metaalerts and calls that you made?
I'm spinning this up again, but it'll be a bit before I can test something
myself.
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r150854643
--- Diff:
metron-platform/metron-indexing/src/main/java/org/apache/metron/indexing/dao/HBaseDao.java
---
@@ -135,8 +138,9 @@ private Document
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
I've spun this up, and `add/alert` throws this exception:
```
{
"responseCode": 500,
"message": "class org.apache.metron.elasticsearch.dao.Elasticsea
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/826#discussion_r150653926
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/KafkaConfig.java
---
@@ -108,6 +108,9 @@ public ZkUtils zkUtils
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r150641377
--- Diff:
metron-platform/metron-indexing/src/test/java/org/apache/metron/indexing/dao/InMemoryMetaAlertDao.java
---
@@ -200,4 +207,23 @@ public
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
@merrimanr Can you merge master into this PR? There is at least one fix in
here that caused me problems spinning this up that's in master, so I'd like to
have it pulled in so testing is as stable
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r150239607
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/MetaAlertController.java
---
@@ -60,5 +63,37 @@
) throws
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/824#discussion_r150230733
--- Diff:
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchDao.java
---
@@ -256,59 +256,91 @@ public
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
@merrimanr For the findAllLatest, can we add a default implementation to
the interface that would cover HBase (i.e. just do a for loop lookup), even if
it's not efficient. Otherwise, it should
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/810
@dbist Looks like this did get merged in (commit
cf404f77d16daca5692f6197575bcc56c58fc2a9), but the PR is still open. I don't
see anything wrong with the commit. Can you just close this PR
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/812
+1
@JonZeolla You should be good to go, if you're still going to be the one to
push it through.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/824
Do we know why the partial update doesn't work? I'm not necessarily
opposed to doing this as a short term fix, but I'd like to know root cause.
It seems like overkill to submit a full
GitHub user justinleet opened a pull request:
https://github.com/apache/metron/pull/818
METRON-1284: Remove extraneous dead query in ElasticsearchDao
## Contributor Comments
Delete a pointless query. Given that it's essentially just a noop (we
query ES and then do nothing
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/803#discussion_r147152861
--- Diff:
metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts
---
@@ -337,12 +343,67 @@ export class
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/811
Master is merged in, so this Travis run should be legit
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/816
I agree we leave it as-is.
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/803#discussion_r146979225
--- Diff:
metron-interface/metron-alerts/src/app/alerts/alerts-list/tree-view/tree-view.component.ts
---
@@ -337,12 +343,67 @@ export class
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/811
Travis failure should be resolved once
https://github.com/apache/metron/pull/816 is in, and I'll merge in master and
push again once it is.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/811
@nickwallen I added testing around the status stuff, and a couple docs. Let
me know if there's anything else that should be updated (or isn't clear or
whatever else).
---
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/811#discussion_r146965770
--- Diff:
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java
---
@@ -295,19 +341,199
101 - 200 of 504 matches