Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/879
+0 I'm sure what's here is solid, but I have not reviewed it myself. I
just want to clear the way for this to get merged.
I don't necessarily like the usability of this approach, but I
Github user mraliagha commented on the issue:
https://github.com/apache/metron/pull/879
@cestella Is there any document or description regarding this feature? How
would the performance be comparable with normal HBase enrichment?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/879
+0
---
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
haha @ottobackwards neutral would be a +0, which is fine. Thanks for your
constructive comments on the discuss thread and here. As always, they're much
appreciated. :)
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/879
I'm not getting in front of the train on this.
I am neutral on this other than my comments to help the conversation and
attempt to focus things.
I don't know how to enter "don't
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
Ok, @justinleet has given a +1, do we have any existing reservations after
the discussion thread and the review here on this work? If not, then I'm going
to commit on Monday.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/879
I'm still +1 on this, thanks again.
---
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
Just following up, I have migrated the mapping of existing data to a
template in the instructions and the type mismatch for `ip_dst_addr` is no
longer an issue. The PR as it currently stands has
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/879
@mmiklavc Check out
https://github.com/apache/metron/pull/882#issuecomment-356109443. Looks like
the squid mapping @cestella uses doesn't line up (which isn't terribly
surprising because it was
Github user mmiklavc commented on the issue:
https://github.com/apache/metron/pull/879
@justinleet
> barring the UI because of ES5 issues
What sort of issues?
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/879
I spun this up in the context of the combined PR, and everything worked as
advertised, barring the UI because of ES5 issues. I was able to validate that
data flowed through as expected by
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
So, the discuss thread has been going for some time now and the discussion
is mostly around forward-thinking extensions to this. Are we at the point to
agree that this is a viable first step and
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
After more consideration and more egg nog, I decided that I'd create a
DISCUSS thread about this entire use-case. We can move the discussion there.
---
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
Also, a wizard-like UI could simplify this dramatically. That was one of
the thoughts around extending and reusing the existing infrastructure in the
first pass of this rather than creating a new
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
@ottobackwards Yes, that's spot on. It's to enable creation of
summarization objects in a method similar (and reusing the configs and
infrastructure of) the flat file loader. The idea is that
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/879
@nickwallen I definitely hear you, the JSON configs are more complex than
I'd like. I'd like another more composable solution available using lambda
functions available in the REPL.
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/879
I think the need is to 'pre-create' complex objects, and re-use them across
multiple stellar rule executions, with the bloom-filter being the example.
Is that close?
Github user nickwallen commented on the issue:
https://github.com/apache/metron/pull/879
IMHO, this seems really complex. That JSON configuration looks really
scary to me and sadly I don't think I could bring myself to use this.
Fundamentally the need you are addressing is
18 matches
Mail list logo
