Re: [DISCUSS] Recurring community meetings to demo Metron features

2016-09-21 Thread Kyle Richardson
Great idea. +1 on the agenda. Maybe half demo of latest features / half discussion on upcoming changes and new ideas. -Kyle On Wed, Sep 21, 2016 at 4:03 PM, zeo...@gmail.com wrote: > I'm in from CMU. Zoom and WebEx work well. > > Only suggestion would be a basic agenda (I.e.

[GitHub] incubator-metron issue #264: METRON-437 The Profile Definition's inputTopic ...

2016-09-21 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/264 +1 by inspection --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and

Re: log parsers-

2016-09-21 Thread Satish Abburi
All, I have put together a few interesting log sources that we are looking at and also mapped the existing Metron-JIRA#'s for a few of them. https://drive.google.com/open?id=0B3HLRtVIDxauS3E3dE9mb1R3M2M Also, attached same to the email. Thanks, Satish On 9/14/16, 4:09 PM, "Satish Abburi"

Re: [DISCUSS] Metron standard field names

2016-09-21 Thread Yohann Lepage
2016-09-21 22:00 GMT+02:00 zeo...@gmail.com : > Elasticsearch can't use periods in field names, It's possible again since the latest release https://www.elastic.co/blog/elasticsearch-2-4-0-released -- Yohann L.

Re: [DISCUSS] Recurring community meetings to demo Metron features

2016-09-21 Thread zeo...@gmail.com
I'm in from CMU. Zoom and WebEx work well. Only suggestion would be a basic agenda (I.e. feature list) prior to the meeting so people can do their homework. Prior meaning ~24 hours before at a minimum IMO. Jon On Wed, Sep 21, 2016, 15:53 Tseytlin, Keren wrote:

Re: [DISCUSS] Metron standard field names

2016-09-21 Thread zeo...@gmail.com
Elasticsearch can't use periods in field names, I think that's part of why they aren't used generally. I think this is a worthwhile discussion though, specifically regarding the timestamp and protocol discussion you started above. On Wed, Sep 21, 2016, 15:52 Yohann Lepage

[DISCUSS] Metron standard field names

2016-09-21 Thread Yohann Lepage
Hi everyone, I wanted to solicit some discussion around Metron standard field names. I would love to have "convenient" field names. As convenient, I mean: short, not ambiguous, well-known, documented. Here is my feeling regarding the actual standard field names[0]: - ip_src_addr: too long,

Re: [DISCUSS] Recurring community meetings to demo Metron features

2016-09-21 Thread Tseytlin, Keren
Hi James, Kevin and I (and perhaps a couple others from our team) will join in too. Keep us posted with the meeting details. Best, Keren On 9/21/16, 2:26 PM, "Otto Fowler" wrote: >Hi James, > >I think this is a great idea. Zoom seems to work pretty well. > >On

[GitHub] incubator-metron pull request #257: METRON-426: Stellar does not support sci...

2016-09-21 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/257

Re: [DISCUSS] Recurring community meetings to demo Metron features

2016-09-21 Thread Otto Fowler
Hi James, I think this is a great idea. Zoom seems to work pretty well. On September 21, 2016 at 14:18:54, James Sirota (jsir...@apache.org) wrote: I want to set up recurring meetings that run twice a month where we can demo latest features of Metron and fixes for Metron. I want to have the

Re: [DISCUSS] Ambari Integration

2016-09-21 Thread Justin Leet
We could definitely replace some of it, but have not replaced anything for this PR. Most changes in the PR are in metron-deployment/packaging/ambari/ + some light surrounding work to make some stuff available that wasn't. The Ansible stuff is basically untouched if not actually untouched. Actually

Re: [DISCUSS] Ambari Integration

2016-09-21 Thread Otto Fowler
Thanks Justin, So this should just replace what is currently happening if you do the full deployment, but you have not tested it as such? I think the difference in the AWS deployment that I saw was how it set the nodes to roles through the script. Sorry if I overstated it. On September 21,

[GitHub] incubator-metron issue #116: Metron 146 topology workers

2016-09-21 Thread jjonez
Github user jjonez commented on the issue: https://github.com/apache/incubator-metron/pull/116 Sorry. I'll take care of it. > On Sep 21, 2016, at 1:24 PM, Nick Allen wrote: > > I am unable to. You should be able to close it though. Thanks.

Re: [DISCUSS] Ambari Integration

2016-09-21 Thread Justin Leet
Hi Otto, Couple things to dig into a bit. Let me know if I stray off what your question is, but I think this should give you the answer. For the mpack, it's just taking a cluster without Metron and turning it into a cluster running Metron (regardless of how the cluster itself was provisioned). I

[GitHub] incubator-metron issue #116: Metron 146 topology workers

2016-09-21 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/116 I am unable to. You should be able to close it though. Thanks.

[GitHub] incubator-metron issue #257: METRON-426: Stellar does not support scientific...

2016-09-21 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/257 @justinleet I think everything you mentioned has been addressed. Are you good with this PR?

[GitHub] incubator-metron issue #261: METRON-434: JSON Parser

2016-09-21 Thread ottobackwards
Github user ottobackwards commented on the issue: https://github.com/apache/incubator-metron/pull/261 Casey, how would you feel about adding in recursion, such that nested maps will be unfolded? I have that working.

[GitHub] incubator-metron pull request #265: METRON-438: Back the Stellar REPL with a...

2016-09-21 Thread nickwallen
Github user nickwallen commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/265#discussion_r79862290 --- Diff: metron-platform/metron-common/src/main/java/org/apache/metron/common/stellar/shell/StellarShell.java --- @@ -244,6 +304,55 @@ private

[GitHub] incubator-metron issue #265: METRON-438: Back the Stellar REPL with a readli...

2016-09-21 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/265 @nickwallen I think I can do something about that, yep. Let me noodle on just the right way to do it.

[GitHub] incubator-metron issue #265: METRON-438: Back the Stellar REPL with a readli...

2016-09-21 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/265 Love it. One other thing I was noticing. Not a deal breaker, but want to get your feedback on it. If I auto-complete a function, it adds a space after the function name.

[GitHub] incubator-metron pull request #268: METRON-421 Make Stellar Profiler Client ...

2016-09-21 Thread nickwallen
GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/268 METRON-421 Make Stellar Profiler Client API Accessible in Parser and Enrichment Topologies [METRON-421](https://issues.apache.org/jira/browse/METRON-421) These changes were

[GitHub] incubator-metron issue #267: METRON-445: Fix typos in metron-deployment role...

2016-09-21 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/267 Isn't that the British spelling? 👍

Re: [DISCUSS] Ambari Integration

2016-09-21 Thread Otto Fowler
Hi Justin, Are you testing this against the small_cluster configuration? With the full install (install ambari etc.) as well as the AWS install? The AWS install seems like its own path, and is essentially different from small_cluster. I myself am interested in the whole boat deployment -

Re: [DISCUSS] Ambari Integration

2016-09-21 Thread Justin Leet
Hi all, I opened up a PR at https://github.com/apache/incubator-metron/pull/266 for everyone to take a look at and comment on. For reference, the original JIRA is https://issues.apache.org/jira/browse/METRON-427 It pretty much covers the MVP that Casey outlined and should give a pretty good

[GitHub] incubator-metron pull request #267: METRON-445: Fix typos in metron-deployme...

2016-09-21 Thread JonZeolla
GitHub user JonZeolla opened a pull request: https://github.com/apache/incubator-metron/pull/267 METRON-445: Fix typos in metron-deployment roles Apply s/passowrd/password/ to the main.yml files under metron-deployment/roles/{mysql_client,metron_streaming}/tasks/. You can merge

[GitHub] incubator-metron pull request #266: METRON-427 Create Ambari Management Pack...

2016-09-21 Thread justinleet
GitHub user justinleet opened a pull request: https://github.com/apache/incubator-metron/pull/266 METRON-427 Create Ambari Management Pack for Metron Installation This is an initial cut at an MVP for the Ambari Management Pack. Most of the ground work was completed in other Jiras

[GitHub] incubator-metron issue #261: METRON-434: JSON Parser

2016-09-21 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/261 @ottobackwards Regarding your other question, we mandated that every message capture the original message and a timestamp as required fields. If the message doesn't have that, then it

Hello Metron

2016-09-21 Thread Otto Fowler
Hi everyone, My name is Otto Fowler, and I work at Leidos Cyber ( formerly Lockheed Martin IS ). I am very impressed with the Metron project and the work everyone has been doing and I’ve really enjoyed working with Metron so far in my evaluation. I look forward to participating in this new but