Github user james-sirota commented on the issue:
https://github.com/apache/incubator-metron/pull/438
I think a better approach is to bake in an enforcement layer within Metron
to only allow flat maps (key-value pairs where the value cannot be a complex
object). You would enforce
Github user james-sirota commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/449#discussion_r100719426
--- Diff:
metron-analytics/metron-profiler/src/main/java/org/apache/metron/profiler/bolt/KafkaDestinationHandler.java
---
@@ -0,0 +1,78 @@
Github user james-sirota commented on the issue:
https://github.com/apache/incubator-metron/pull/450
I think taking the string as an argument is really powerful, but it's also
really flexible. "1 hour window every 24 hours starting from 14 days ago
including the current day of the
Github user cestella commented on the issue:
https://github.com/apache/incubator-metron/pull/450
The Readme additions were intended to break the expressions down into the
possible phrases. Do you think those sections need to be structured
differently?
---
If your project is set up
Github user trixpan commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/451#discussion_r100717512
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/cef/CEFParser.java
---
@@ -0,0 +1,274 @@
+/**
+ *
Github user james-sirota commented on the issue:
https://github.com/apache/incubator-metron/pull/450
I think the API looks great. Can we provide a grammar in the comments for
constructing the PROFILE_WINDOW function? I think the API is so flexible that
it may be hard to wrap your
+1. Staged in AWS and ran through initial sanity tests. Everything worked
great
Thanks,
James
10.02.2017, 13:22, "Casey Stella" :
> This is a call to vote on releasing Apache Metron 0.3.1-RC4 incubating
>
> Full list of changes in this release:
>
Github user james-sirota commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/451#discussion_r100716097
--- Diff:
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/cef/CEFParserTest.java
---
@@ -0,0 +1,186 @@
+/**
+
Github user james-sirota commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/451#discussion_r100715818
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/cef/CEFParser.java
---
@@ -0,0 +1,274 @@
+/**
+ *
Github user james-sirota commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/451#discussion_r100716155
--- Diff:
metron-platform/metron-parsers/src/test/resources/org/apache/metron/parsers/cef/adallom.cef
---
@@ -0,0 +1 @@
Github user james-sirota commented on the issue:
https://github.com/apache/incubator-metron/pull/452
+1 by inspection. Thanks for catching this, Simon
Github user trixpan commented on the issue:
https://github.com/apache/incubator-metron/pull/451
Seems ok to me.
The only last comment which certainly is not a blocker (and if I read the
code correctly, is already addressed
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/447
Diagram updated in https://github.com/apache/incubator-metron/pull/452
GitHub user simonellistonball opened a pull request:
https://github.com/apache/incubator-metron/pull/452
Removed MySQL from Enrichment Diagram
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/simonellistonball/incubator-metron
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/451
Agreed, let's pull the date discussion into a wider forum. Apart from this,
is there anything else you see in this parser specifically to block merging?
Github user trixpan commented on the issue:
https://github.com/apache/incubator-metron/pull/451
Yep. I would say unless HPE clarifies Mmm being English only, providing the
parsers with the ability to set locale would be ideal.
And I didn't even mention that they use Zzz
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/451
The joys of international date parsing, right? Seems like the CEF
standard is not the most well read among device vendors. A number of the 'from
the wild' examples we've got in
Github user trixpan commented on the issue:
https://github.com/apache/incubator-metron/pull/451
No. And under RFC 3164, Syslog's Mmm is English only, but this certainty is
not present in the CEF spec, which states MMM as SimpleDateFormat and makes no
reference to locale. This in theory
Github user simonellistonball commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/451#discussion_r100688919
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/cef/CEFParser.java
---
@@ -0,0 +1,272 @@
+/**
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/451
Syslog timestamp capture looks to be locale sensitive here, though all
other date parsing is SimpleDateFormat based, so should be robust to locale. Do
you see this issue on
Github user simonellistonball commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/451#discussion_r100688850
--- Diff:
metron-platform/metron-parsers/src/test/resources/org/apache/metron/parsers/cef/cyberark.json
---
@@ -0,0 +1,21 @@
+{
21 matches