[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/259 The scope of this PR is to fix a bug that causes the Profiler topology to fail during deployment due to missing dependencies. This is supposed to fix an issue that you saw last week.

[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/259 Yep, I think it's probably due for some more up-to-date instructions on at least the stellar enrichment adapter to make some of this easier. If you have other scenarios that you're

[GitHub] incubator-metron pull request #256: Metron 257 Enable pcap result pagination...

2016-09-19 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/256 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the

[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/259 I understand; I'll defer the request until METRON-421, then. Sorry enrichment is biting you.

[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/259 Great job, this looks good. Could you walk us through a testing scenario in the quickdev environment with sample configs for the profiler and sample enrichment configs, please? Similar

[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/259 Addressed the problem; see the latest commit. Tested by deploying the Profiler on Quick Dev Vagrant. Integration tests should be happy now too.

[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/259 Agreed. I'll have a working step-by-step set of instructions for METRON-421. That's a good thing to have. Maybe I'll add it as a 'Getting Started' type section to the README in

[GitHub] incubator-metron issue #259: METRON-429 Profiler Missing Dependencies When U...

2016-09-19 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/259 +1 pending CI build

[DISCUSS] Storm topology sideloading jars

2016-09-19 Thread Michael Miklavcic
As part of https://issues.apache.org/jira/browse/METRON-356 it is now possible to add hbase and hadoop conf to the Storm topology classpath. It is also desirable to expand this functionality to sideloading jars for Storm topologies. That way, users can add additional dependencies without having to

[GitHub] incubator-metron issue #221: METRON-384 Allow elasticsearch to bind to loopb...

2016-09-19 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/221 Could you post an email address to use for the commit? Thanks!

Re: [DISCUSS] Storm topology sideloading jars

2016-09-19 Thread Casey Stella
For those curious about that code, it appears to be here. It appears that VFSClassloader alone from VFS Commons will support HDFS. As always, we are going to

Re: log parsers-

2016-09-19 Thread Casey Stella
So, just curious, what kind of behavior would you expect if the JSON had a complex map inside of it (e.g. { "foo" : { "bar" : 1 }, "numeric" : 7 } )? As it is now, our indices in ES do not handle complex structures. Would you want those fields dropped, folded in to the larger structure (e.g. {

Re: [DISCUSS] Storm topology sideloading jars

2016-09-19 Thread David Lyle
I don't believe Storm does, we would have to modify our bolts to add an additional classloader to the current classloader chain. Shouldn't be too much work, but a ton of reward. Accumulo had a similar requirement- distributing and synchronizing jars to distributed components. They introduced a

[GitHub] incubator-metron issue #221: METRON-384 Allow elasticsearch to bind to loopb...

2016-09-19 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/221 I'm +1 on this, thanks for the contribution.

Re: log parsers-

2016-09-19 Thread David Lyle
Does Elasticsearch Nested Objects [1] help with that? [1] https://www.elastic.co/guide/en/elasticsearch/guide/current/nested-objects.html On Mon, Sep 19, 2016 at 9:43 AM, Casey Stella wrote: > So, just curious, what kind of behavior would you expect if the JSON had a >

[GitHub] incubator-metron pull request #221: METRON-384 Allow elasticsearch to bind t...

2016-09-19 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/221

[GitHub] incubator-metron pull request #260: METRON-433: Documentation update

2016-09-19 Thread cestella
GitHub user cestella opened a pull request: https://github.com/apache/incubator-metron/pull/260 METRON-433: Documentation update It has been a while since we had a holistic documentation review. I reviewed the README.md and * Rearranged content to better reflect the current

Re: log parsers-

2016-09-19 Thread Egon Kidmose
+1 on the pass through parser that just sends JSON onwards Mvh. / BR Egon Kidmose On Thu, Sep 15, 2016 at 6:08 PM, Casey Stella wrote: > Just to tack onto the parser thread (love it, btw :). I'd love to see a > couple of general ones: > >- Arbitrary XML with the

Re: log parsers-

2016-09-19 Thread Casey Stella
It may. We may get to the point where we can handle more complex objects. Until then, I made the approach pluggable and put up a quick JIRA/PR for people to tinker with here. I had this dude already done in a long languishing branch, so I

[GitHub] incubator-metron pull request #261: METRON-434: JSON Parser

2016-09-19 Thread cestella
GitHub user cestella opened a pull request: https://github.com/apache/incubator-metron/pull/261 METRON-434: JSON Parser There are some situations where your data is already in JSON form and parsing should be as simple as passing the data through, adding `timestamp` and