[jira] [Created] (METRON-1367) Stellar should optionally instrument function calls

[Otto Fowler (JIRA)]

Otto Fowler created METRON-1367:
---

 Summary: Stellar should optionally instrument function calls
 Key: METRON-1367
 URL: https://issues.apache.org/jira/browse/METRON-1367
 Project: Metron
  Issue Type: Improvement
Reporter: Otto Fowler


It would be nice if stellar processor(s) could optionally instrument function 
calls to test performance.

The result would be some structure with the calls, the times and maybe some 
context as a list or map



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1366) Add an entropy stellar function

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293623#comment-16293623
 ] 

ASF GitHub Bot commented on METRON-1366:


Github user ottobackwards commented on a diff in the pull request:

https://github.com/apache/metron/pull/872#discussion_r157332543
  
--- Diff: 
metron-analytics/metron-statistics/src/main/java/org/apache/metron/statistics/informationtheory/InformationTheoryUtil.java
 ---
@@ -0,0 +1,52 @@
+/*
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.metron.statistics.informationtheory;
+
+import java.util.Map;
+
+public enum InformationTheoryUtil {
+  INSTANCE;
+  private static final double LOG2 = Math.log(2);
+
+  public double entropy(Map counts, double logOfBase) {
+double ret = 0.0;
+int n = 0;
+if(counts == null || counts.isEmpty()) {
+  return ret;
+}
+for(Integer f : counts.values()) {
+  n+=f;
+}
+
+for(Integer f : counts.values()) {
+  double p = f.doubleValue()/n;
+  ret -= p * Math.log(p) / logOfBase;
+}
+return ret;
+  }
+
--- End diff --

https://github.com/ottobackwards/stream_entropy


> Add an entropy stellar function
> ---
>
> Key: METRON-1366
> URL: https://issues.apache.org/jira/browse/METRON-1366
> Project: Metron
>  Issue Type: Improvement
>Reporter: Casey Stella
>
> Trending entropy for various volumetric statistics (e.g. netflow data) has 
> been a useful metric for intrusion detection (see 
> http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf).  To wit, 
> it makes some sense to add an entropy calculation for Stellar.  Used in 
> conjunction with the profiler and an outlier detector, we can recreate the 
> work of Lakhina referenced above.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1366) Add an entropy stellar function

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293620#comment-16293620
 ] 

ASF GitHub Bot commented on METRON-1366:


Github user ottobackwards commented on a diff in the pull request:

https://github.com/apache/metron/pull/872#discussion_r157332057
  
--- Diff: 
metron-analytics/metron-statistics/src/main/java/org/apache/metron/statistics/informationtheory/InformationTheoryUtil.java
 ---
@@ -0,0 +1,52 @@
+/*
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.metron.statistics.informationtheory;
+
+import java.util.Map;
+
+public enum InformationTheoryUtil {
+  INSTANCE;
+  private static final double LOG2 = Math.log(2);
+
+  public double entropy(Map counts, double logOfBase) {
+double ret = 0.0;
+int n = 0;
+if(counts == null || counts.isEmpty()) {
+  return ret;
+}
+for(Integer f : counts.values()) {
+  n+=f;
+}
+
+for(Integer f : counts.values()) {
+  double p = f.doubleValue()/n;
+  ret -= p * Math.log(p) / logOfBase;
+}
+return ret;
+  }
+
--- End diff --

for giggles

```java
 public double stream_entropy(Map counts, double logOfBase) {
double ret = 0.0;
if (counts == null || counts.isEmpty()) {
  return ret;
}
final int n = counts.values().stream().mapToInt((d) -> d).sum();
return counts.values().stream().collect(reducing(0.0, (f) -> 
f.doubleValue(), (a, b) -> {
  double p = b.doubleValue() / n;
  a -= p * Math.log(p) / logOfBase;
  return a;
}));
  }
```


> Add an entropy stellar function
> ---
>
> Key: METRON-1366
> URL: https://issues.apache.org/jira/browse/METRON-1366
> Project: Metron
>  Issue Type: Improvement
>Reporter: Casey Stella
>
> Trending entropy for various volumetric statistics (e.g. netflow data) has 
> been a useful metric for intrusion detection (see 
> http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf).  To wit, 
> it makes some sense to add an entropy calculation for Stellar.  Used in 
> conjunction with the profiler and an outlier detector, we can recreate the 
> work of Lakhina referenced above.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1366) Add an entropy stellar function

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293407#comment-16293407
 ] 

ASF GitHub Bot commented on METRON-1366:


GitHub user cestella opened a pull request:

https://github.com/apache/metron/pull/872

METRON-1366: Add an entropy stellar function

## Contributor Comments
Trending entropy for various volumetric statistics (e.g. netflow data) has 
been a useful metric for intrusion detection (see 
http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf). To wit, it 
makes some sense to add an entropy calculation for Stellar. Used in conjunction 
with the profiler and an outlier detector, we can recreate the work of Lakhina 
referenced above.

You can validate this from the REPL:
* `IT_ENTROPY({ 'a' : 10, 'b' : 5, 'c' : 5} )` should yield `1.5`
  * By the definition of Entropy: `H(X) = -p(a)*log_2(p(a)) - 
p(b)*log_2(p(b)) - p(c)*log_2(p(c)) = -0.5*-1 - 0.25*-2 - 0.25*-2 = 1.5`
* `IT_ENTROPY({})` should yield `0.0`

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron entropy

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/872.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #872


commit d4494854e482e2532f707b28ef2f891d13e129f3
Author: cstella 
Date:   2017-12-15T23:25:50Z

Added entropy function.




> Add an entropy stellar function
> ---
>
> Key: METRON-1366
> URL: https://issues.apache.org/jira/browse/METRON-1366
> Project: Metron
>  Issue Type: Improvement
>Reporter: Casey Stella
>
> Trending entropy for various volumetric statistics (e.g. netflow data) has 
> been a useful metric for intrusion detection (see 
> http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf).  To wit, 
> it makes some sense to add an entropy calculation for Stellar.  Used in 
> conjunction 

[jira] [Created] (METRON-1366) Add an entropy stellar function

[Casey Stella (JIRA)]

Casey Stella created METRON-1366:


 Summary: Add an entropy stellar function
 Key: METRON-1366
 URL: https://issues.apache.org/jira/browse/METRON-1366
 Project: Metron
  Issue Type: Improvement
Reporter: Casey Stella


Trending entropy for various volumetric statistics (e.g. netflow data) has been 
a useful metric for intrusion detection (see 
http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf).  To wit, it 
makes some sense to add an entropy calculation for Stellar.  Used in 
conjunction with the profiler and an outlier detector, we can recreate the work 
of Lakhina referenced above.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1365) Allow PROFILE_GET to return a default value for a profile and entity that does not have a value written.

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293382#comment-16293382
 ] 

ASF GitHub Bot commented on METRON-1365:


GitHub user cestella opened a pull request:

https://github.com/apache/metron/pull/871

METRON-1365: Allow PROFILE_GET to return a default value for a profile and 
entity that does not have a value written.

## Contributor Comments
Right now the profiler is a sparse system, namely if data is not written 
during a profile period for a given profile and entity, no values are written 
to HBase. Some algorithms may need non-sparse data (e.g. time series outlier 
detection algorithms). We should keep the default behavior as it stands, but 
allow the user at read time to specify a default value. This is most cleanly 
done by using the existing profiler config overrides (the 4rd argument to 
`PROFILE_GET`) and adding a `profiler.default.value`.

You should be able to validate this in the REPL in full-dev by running:
```
PROFILE_GET('profile1', 'entity1', PROFILE_FIXED(4, 'HOURS'), { 
'profiler.default.value' : 'metron'} )
```

You should see a list of strings with 16 or 17 copies of `metron` in it.
If you run it without the overrides, you should see an empty list returned.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [ x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron 
profiler_default_values

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/metron/pull/871.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #871


commit f763a728bce19f10b49c2d431814e25006a5b5d3
Author: cstella 
Date:   2017-12-15T22:37:22Z

Adding the ability to return default values from the profiler.

commit 44267b0850c7fc0912408f36badf64556a30d927
Author: cstella 
Date:   2017-12-15T22:39:14Z

Updating readme to support default values




> Allow PROFILE_GET to return a default value for a profile and entity that 
> does not 

[jira] [Created] (METRON-1365) Allow PROFILE_GET to return a default value for a profile and entity that does not have a value written.

[Casey Stella (JIRA)]

Casey Stella created METRON-1365:


 Summary: Allow PROFILE_GET to return a default value for a profile 
and entity that does not have a value written.
 Key: METRON-1365
 URL: https://issues.apache.org/jira/browse/METRON-1365
 Project: Metron
  Issue Type: Improvement
Reporter: Casey Stella


Right now the profiler is a sparse system, namely if data is not written during 
a profile period for a given profile and entity, no values are written to 
HBase.  Some algorithms may need non-sparse data (e.g. time series outlier 
detection algorithms).  We should keep the default behavior as it stands, but 
allow the user at read time to specify a default value.  This is most cleanly 
done by using the existing profiler config overrides (the 3rd argument to 
PROFILE_GET) and adding a profiler.default.value.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1364) Add an implementation of Robust PCA outlier detection

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293289#comment-16293289
 ] 

ASF GitHub Bot commented on METRON-1364:


GitHub user cestella opened a pull request:

https://github.com/apache/metron/pull/870

METRON-1364: Add an implementation of Robust PCA outlier detection

## Contributor Comments
With short circuiting in Stellar, we have the opportunity to delve into 
more computationally intensive outlier detection techniques. Generally these 
would be executed only if simpler outlier detection techniques indicated an 
outlier (e.g. statistical outlier tests).
As the first one of these supported, I'd suggest a Robust PCA based 
technique similar to Netflix's Surus. See 
https://medium.com/netflix-techblog/rad-outlier-detection-on-big-data-d6b0494371cc
 and 
https://metamarkets.com/2012/algorithmic-trendspotting-the-meaning-of-interesting/
 for more detail.
It should be noted that there are some caveats with this approach around 
sparsity and orderedness.
Regarding sparsity,this outlier detection algorithm presumes dense output, 
which is not the case for data spanning profiles (e.g. the profiler does not 
write out data every period if no data was seen). To deal with this, I am 
suggesting a modification to the profiler to allow PROFILE_GET to return a 
default value. That will be done in a separate JIRA.
Regarding well-orderedness, this is an outlier detector for time series 
data, so it is sensitive to order to a certain extent. Given its computational 
intensity, it is likely to be used with a sample of the data to shrink the size 
of the data. To that end, uniform sampling is not sensible here, but rather a 
biased sample for recency. Without this, you may get poor results from this 
outlier detector. This sampler should be done in a separate JIRA, but I will 
ensure the infrastructure to add it is contributed in METRON-1350.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.  
Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  


In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
- [x] Does your PR title start with METRON- where  is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?


### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified 
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh 
  ```

- [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:

  ```
  cd site-book
  mvn site
  ```

 Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/cestella/incubator-metron RAD_outlier

Alternatively you can review and apply these changes as the patch at:

[jira] [Created] (METRON-1364) Add an implementation of Robust PCA outlier detection

[Casey Stella (JIRA)]

Casey Stella created METRON-1364:


 Summary: Add an implementation of Robust PCA outlier detection
 Key: METRON-1364
 URL: https://issues.apache.org/jira/browse/METRON-1364
 Project: Metron
  Issue Type: Improvement
Reporter: Casey Stella


With short circuiting in Stellar, we have the opportunity to delve into more 
computationally intensive outlier detection techniques.  Generally these would 
be executed only if simpler outlier detection techniques indicated an outlier 
(e.g. statistical outlier tests).

As the first one of these supported, I'd suggest a Robust PCA based technique 
similar to Netflix's Surus.  See 
https://medium.com/netflix-techblog/rad-outlier-detection-on-big-data-d6b0494371cc
 and 
https://metamarkets.com/2012/algorithmic-trendspotting-the-meaning-of-interesting/
 for more detail.

It should be noted that there are some caveats with this approach around 
sparsity and orderedness.  

Regarding sparsity,this outlier detection algorithm presumes dense output, 
which is not the case for data spanning profiles (e.g. the profiler does not 
write out data every period if no data was seen). To deal with this, I am 
suggesting a modification to the profiler to allow PROFILE_GET to return a 
default value.  That will be done in a separate JIRA.

Regarding well-orderedness, this is an outlier detector for time series data, 
so it is sensitive to order to a certain extent.  Given its computational 
intensity, it is likely to be used with a sample of the data to shrink the size 
of the data.  To that end, uniform sampling is not sensible here, but rather a 
biased sample for recency.  Without this, you may get poor results from this 
outlier detector.  This sampler should be done in a separate JIRA, but I will 
ensure the infrastructure to add it is contributed in METRON-1350.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293278#comment-16293278
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157303681
  
--- Diff: bundles-maven-plugin/README.md ---
@@ -20,7 +20,9 @@ Apache Metron Bundles Maven Plugin helps to build Bundles 
Archives to support th
 
 - [Requirements](#requirements)
 - [Building](#building)
-- [Getting Stared](#getting_started)
+- [Getting Stared](#getting-started)
--- End diff --

`s/Stared/Started/`


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1158) Build backend for grouping alerts into meta alerts

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1158:

Fix Version/s: 0.4.2

> Build backend for grouping alerts into meta alerts
> --
>
> Key: METRON-1158
> URL: https://issues.apache.org/jira/browse/METRON-1158
> Project: Metron
>  Issue Type: New Feature
>Reporter: Justin Leet
>Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> We should be able to handle meta alerts (manually grouped alerts, 
> particularly from the UI) in the system. This should be integrated with the 
> DAO composition put into place with IndexDao.
> While similar to faceting (and likely resulting from slicing and dicing from 
> faceting), these need to be interacted with and queryable alongside regular 
> alerts.
> This needs to handle:
> * ES (as a starting point. This shouldn't preclude Solr)
> * Creation of meta alerts
> * Maintain update semantics for alerts
> * Handling scores when a child alert is added, updated or deleted.
> * Continue to allow regular alerts to flow through cleanly to the original 
> sensor indices.
> * Allow for querying (plus sorting and so on) alongside the original sensor 
> indices.
> * Maintain UI grouping order as the minimum of metadata.
> * This should be configured via the same indexDao definition (or at least 
> similar) as the other indexDaos.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1190) Fix Meta Alert Type handling in calculation of scores

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1190:

Fix Version/s: 0.4.2

> Fix Meta Alert Type handling in calculation of scores
> -
>
> Key: METRON-1190
> URL: https://issues.apache.org/jira/browse/METRON-1190
> Project: Metron
>  Issue Type: Bug
>Reporter: Justin Leet
>Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> The alerts field can actually come as two different types List vs 
> Object[] during calculation of meta score fields.  A "correction" during the 
> original PR to fix one actually broke the other.  Both should be able to be 
> handled (Contents should be the same, just wrapped differently.)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-938) "service metron-rest start " does not work on CentOS 7.

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-938:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> "service metron-rest start " does not work on CentOS 7.
> -
>
> Key: METRON-938
> URL: https://issues.apache.org/jira/browse/METRON-938
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.0
> Environment: Metron 0.4.0 on CentOS 7.
>Reporter: Laurens Vets
>Assignee: Justin Leet
>Priority: Minor
> Fix For: 0.4.2
>
>
> I suppose due to the change to systemd, the command "service metron-rest 
> start " does not work anymore in CentOS 7.
> Changing "METRON_JDBC_PASSWORD="$2"" to "METRON_JDBC_PASSWORD=" PASSWORD>"" in "/etc/rc.d/init.d/metron-rest" seems to fix this.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1220) Create documentation around alert nested field

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1220:

Fix Version/s: 0.4.2

> Create documentation around alert nested field
> --
>
> Key: METRON-1220
> URL: https://issues.apache.org/jira/browse/METRON-1220
> Project: Metron
>  Issue Type: Improvement
>Reporter: Justin Leet
>Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> There is an additional requirement around defining a sensor's fields in 
> Elasticsearch as a result of the meta alert functionality resulting from 
> Elasticsearch 2.x. This should be added to to the appropriate READMEs as 
> needed.
> Specifically the sensors must all define a field as such:
> {code}
> "alert": {
>   "type": "nested"
> }
> {code}
> This field is a dummy field used exclusively to make searches work (because 
> an error will be thrown when a field is missing).
> {code}
> QueryParsingException[[nested] failed to find nested object under path 
> [alert]];
> {code}
> As noted https://github.com/apache/metron/pull/619#issuecomment-330529609, 
> this underlying ES behavior is changed with ES 5.x and a small modification 
> to the query can be made and this field removed. This is documentd by ES at 
> https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html#_ignoring_unmapped_fields



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1202) ElasticsearchDao Has extraneous sleep call

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1202:

Fix Version/s: (was: Next + 1)
   0.4.2

> ElasticsearchDao Has extraneous sleep call
> --
>
> Key: METRON-1202
> URL: https://issues.apache.org/jira/browse/METRON-1202
> Project: Metron
>  Issue Type: Bug
>Reporter: Justin Leet
>Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> Pointless sleep call that snuck in.  Just dump it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1272) Hide child alerts from searches and grouping if they belong to meta alerts

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1272:

Fix Version/s: 0.4.2

> Hide child alerts from searches and grouping if they belong to meta alerts
> --
>
> Key: METRON-1272
> URL: https://issues.apache.org/jira/browse/METRON-1272
> Project: Metron
>  Issue Type: Improvement
>Reporter: Justin Leet
>Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> If an alert is already grouped into a meta alert, it's nice to route 
> everything through the same query structure and allow sorting alongside them, 
> etc.  However, showing alerts that are already contained in a meta alert is 
> potential clutter for a user and gives the impression an event has occurred 
> twice if it's in a standalone alert and a metaalert.
> This should hide alerts contained in a meta alert from searches (which will 
> always match the enclosing meta alert anyway, so nothing will be lost from 
> the search).
> They should also be hidden from grouping calls, because the user has already 
> manually grouped them during prior slicing and dicing.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1247) REST search and findOne endpoints return unexpected or incorrect results for guids

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1247:

Fix Version/s: 0.4.2

> REST search and findOne endpoints return unexpected or incorrect results for 
> guids
> --
>
> Key: METRON-1247
> URL: https://issues.apache.org/jira/browse/METRON-1247
> Project: Metron
>  Issue Type: Bug
>Reporter: Justin Leet
>Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> When running a search for a particular GUID, e.g.
> {code}
> {
>   "indices": ["websphere", "snort", "asa", "bro", "yaf"],
>   "query": "guid:a2d7ba04-d335-4948-8bc8-c889e7c531c9",
>   "from": 0,
>   "size": 500
> }
> {code}
> Multiple results can be returned.  This appears to be because the "guid" 
> field gets the default analyzer, so the individual segments between the 
> hyphens can match.
> A workaround is simply to quote the string (escaping appropriately).  This 
> should be documented.  A longer term solution is likely needed, but requires 
> more discussion.
> For findOne, the same situation happens, but since only one item is returned 
> it can be incorrect (a partial match that happens to be sorted earlier).  
> This should be changed to a simple GET against the id (which is also the guid 
> by design).  It's also more efficient to do this anyway.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1284) Remove extraneous dead query in ElasticsearchDao

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1284:

Fix Version/s: 0.4.2

> Remove extraneous dead query in ElasticsearchDao
> 
>
> Key: METRON-1284
> URL: https://issues.apache.org/jira/browse/METRON-1284
> Project: Metron
>  Issue Type: Bug
>Reporter: Justin Leet
>Assignee: Justin Leet
>Priority: Minor
> Fix For: 0.4.2
>
>
> This is pointless, but not really harmful.
> {code}
>  org.elasticsearch.action.search.SearchResponse result = 
> client.prepareSearch("test*").setFetchSource(true).setQuery(QueryBuilders.matchAllQuery()).get();
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-939) Upgrade ElasticSearch and Kibana

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292889#comment-16292889
 ] 

ASF GitHub Bot commented on METRON-939:
---

Github user mmiklavc commented on the issue:

https://github.com/apache/metron/pull/840
  
Just a status update on this. We're currently waiting for 0.4.2 to roll out 
before this gets committed. We definitely want more eyes and testing on this PR 
considering its breadth and size. We do not have any +1's yet, and I would 
prefer to have at least 2 for good measure, if at all possible.


> Upgrade ElasticSearch and Kibana
> 
>
> Key: METRON-939
> URL: https://issues.apache.org/jira/browse/METRON-939
> Project: Metron
>  Issue Type: Improvement
>Reporter: Jon Zeolla
>Assignee: Michael Miklavcic
>  Labels: backwards-incompatible
> Attachments: Metron-Dashboard - Kibana.pdf, Metron-Error-Dashboard - 
> Kibana.pdf
>
>
> Upgrade ElasticSearch and Kibana (latest is 5.4 as of writing this).  Among 
> other benefits, this allows us to use periods in field names 
> (https://github.com/elastic/elasticsearch/pull/19937/files), which has been 
> available as of 5.0 and 2.4, and the ability to index an IPv6 address 
> properly 
> (https://www.elastic.co/blog/indexing-ipv6-addresses-in-elasticsearch).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1177) Stale running topologies seen post-kerberization and cause exceptions

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1177:
---
Affects Version/s: 0.4.1

> Stale running topologies seen post-kerberization and cause exceptions
> -
>
> Key: METRON-1177
> URL: https://issues.apache.org/jira/browse/METRON-1177
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Anand Subramanian
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> *Steps to Reproduce*
> 1. Install Ambari on 12 node cluster
> 2. Install Metron using MPack
> 3. Metron topologies are now running as user 'storm'
> 4. Setup standalone KDC on Ambari node by following these 
> [steps|https://github.com/apache/metron/blob/master/metron-deployment/Kerberos-manual-setup.md#setup-a-kdc]
> 5. Initiate "kerberize" cluster using Ambari
> 6. Ambari triggers "Stop all services"
> 7. In the event of a race condition, the REST service shuts down (which 
> prevents from being able to shutdown metron topologies)
> 8. Metron topology shut down occurs, but Metron Mpack cannot stop topologies 
> because REST already stopped. Metron ignores this condition and continues on 
> assuming the topologies are down
> 9. Storm service shuts down
> 10. Cluster kerberization occurs
> 11. Ambari triggers "Start all services"
> 12. Storm service starts. 
> 13. Since the Metron topologies were running when Storm was shutdown, these 
> same topologies are attempted to be started again by Storm, but are declared 
> as "already running"
> 14. All other services start successfully
> 15. Now, if we attempt to run a test with the stale topologies, following 
> exceptions are seen:
> {code}
> AuthorizationException(msg:getTopologyInfo on topology snort is not 
> authorized)
> at 
> org.apache.storm.generated.Nimbus$getTopologyInfo_result$getTopologyInfo_resultStandardScheme.read(Nimbus.java:36971)
> at 
> org.apache.storm.generated.Nimbus$getTopologyInfo_result$getTopologyInfo_resultStandardScheme.read(Nimbus.java:36939)
> at 
> org.apache.storm.generated.Nimbus$getTopologyInfo_result.read(Nimbus.java:36870)
> at 
> org.apache.storm.thrift.TServiceClient.receiveBase(TServiceClient.java:86)
> at 
> org.apache.storm.generated.Nimbus$Client.recv_getTopologyInfo(Nimbus.java:1182)
> at 
> org.apache.storm.generated.Nimbus$Client.getTopologyInfo(Nimbus.java:1169)
> at 
> org.hw.metron.lib.storm.StormClient.isTopologyRunning(StormClient.java:150)
> at 
> org.hw.metron.lib.storm.StormClient.startTopology(StormClient.java:68)
> at 
> functional.SnortTopologyTest.snortElasticsearchIndexTest(SnortTopologyTest.java:36)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at 
> org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:86)
> at org.testng.internal.Invoker.invokeMethod(Invoker.java:643)
> at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:820)
> at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1128)
> at 
> org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:129)
> at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:112)
> at org.testng.TestRunner.privateRun(TestRunner.java:782)
> at org.testng.TestRunner.run(TestRunner.java:632)
> at org.testng.SuiteRunner.runTest(SuiteRunner.java:366)
> at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:361)
> at org.testng.SuiteRunner.privateRun(SuiteRunner.java:319)
> at org.testng.SuiteRunner.run(SuiteRunner.java:268)
> at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
> at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
> at org.testng.TestNG.runSuitesSequentially(TestNG.java:1244)
> at org.testng.TestNG.runSuitesLocally(TestNG.java:1169)
> at org.testng.TestNG.run(TestNG.java:1064)
> at 
> org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:295)
> at 
> org.apache.maven.surefire.testng.TestNGXmlTestSuite.execute(TestNGXmlTestSuite.java:84)
> at 
> org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:90)
> at 
> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
> at 
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
> at 
> 

[jira] [Updated] (METRON-1177) Stale running topologies seen post-kerberization and cause exceptions

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1177:
---
Fix Version/s: 0.4.2

> Stale running topologies seen post-kerberization and cause exceptions
> -
>
> Key: METRON-1177
> URL: https://issues.apache.org/jira/browse/METRON-1177
> Project: Metron
>  Issue Type: Bug
>Reporter: Anand Subramanian
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> *Steps to Reproduce*
> 1. Install Ambari on 12 node cluster
> 2. Install Metron using MPack
> 3. Metron topologies are now running as user 'storm'
> 4. Setup standalone KDC on Ambari node by following these 
> [steps|https://github.com/apache/metron/blob/master/metron-deployment/Kerberos-manual-setup.md#setup-a-kdc]
> 5. Initiate "kerberize" cluster using Ambari
> 6. Ambari triggers "Stop all services"
> 7. In the event of a race condition, the REST service shuts down (which 
> prevents from being able to shutdown metron topologies)
> 8. Metron topology shut down occurs, but Metron Mpack cannot stop topologies 
> because REST already stopped. Metron ignores this condition and continues on 
> assuming the topologies are down
> 9. Storm service shuts down
> 10. Cluster kerberization occurs
> 11. Ambari triggers "Start all services"
> 12. Storm service starts. 
> 13. Since the Metron topologies were running when Storm was shutdown, these 
> same topologies are attempted to be started again by Storm, but are declared 
> as "already running"
> 14. All other services start successfully
> 15. Now, if we attempt to run a test with the stale topologies, following 
> exceptions are seen:
> {code}
> AuthorizationException(msg:getTopologyInfo on topology snort is not 
> authorized)
> at 
> org.apache.storm.generated.Nimbus$getTopologyInfo_result$getTopologyInfo_resultStandardScheme.read(Nimbus.java:36971)
> at 
> org.apache.storm.generated.Nimbus$getTopologyInfo_result$getTopologyInfo_resultStandardScheme.read(Nimbus.java:36939)
> at 
> org.apache.storm.generated.Nimbus$getTopologyInfo_result.read(Nimbus.java:36870)
> at 
> org.apache.storm.thrift.TServiceClient.receiveBase(TServiceClient.java:86)
> at 
> org.apache.storm.generated.Nimbus$Client.recv_getTopologyInfo(Nimbus.java:1182)
> at 
> org.apache.storm.generated.Nimbus$Client.getTopologyInfo(Nimbus.java:1169)
> at 
> org.hw.metron.lib.storm.StormClient.isTopologyRunning(StormClient.java:150)
> at 
> org.hw.metron.lib.storm.StormClient.startTopology(StormClient.java:68)
> at 
> functional.SnortTopologyTest.snortElasticsearchIndexTest(SnortTopologyTest.java:36)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at 
> org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:86)
> at org.testng.internal.Invoker.invokeMethod(Invoker.java:643)
> at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:820)
> at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1128)
> at 
> org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:129)
> at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:112)
> at org.testng.TestRunner.privateRun(TestRunner.java:782)
> at org.testng.TestRunner.run(TestRunner.java:632)
> at org.testng.SuiteRunner.runTest(SuiteRunner.java:366)
> at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:361)
> at org.testng.SuiteRunner.privateRun(SuiteRunner.java:319)
> at org.testng.SuiteRunner.run(SuiteRunner.java:268)
> at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
> at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
> at org.testng.TestNG.runSuitesSequentially(TestNG.java:1244)
> at org.testng.TestNG.runSuitesLocally(TestNG.java:1169)
> at org.testng.TestNG.run(TestNG.java:1064)
> at 
> org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:295)
> at 
> org.apache.maven.surefire.testng.TestNGXmlTestSuite.execute(TestNGXmlTestSuite.java:84)
> at 
> org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:90)
> at 
> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
> at 
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
> at 
> 

[jira] [Updated] (METRON-1349) Full Dev Builds Metron Twice

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1349:
---
Fix Version/s: Next + 1

> Full Dev Builds Metron Twice
> 
>
> Key: METRON-1349
> URL: https://issues.apache.org/jira/browse/METRON-1349
> Project: Metron
>  Issue Type: Bug
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: Next + 1
>
>
> When deploying Metron in Full Dev, the "Build Metron" step gets run twice.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1336) Patching Can Result in Bad Configuration

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1336:
---
Fix Version/s: (was: 0.4.1)
   0.4.2

> Patching Can Result in Bad Configuration
> 
>
> Key: METRON-1336
> URL: https://issues.apache.org/jira/browse/METRON-1336
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When applying a patch with `zk_load_configs` the resulting configuration can 
> be invalid.  The resulting configuration should be validated so that a patch 
> can never result in an invalid configuration.
> For example, applying the following patch with `zk_load_config` to the 
> Profiler yields a broken Profiler configuration.
> {code}
> [  
>{  
>   "path":"profiles",
>   "value":{  
>  "profile":"sketchy_mad",
>  "onlyif":"true",
>  "update":{  
> "s":"OUTLIER_MAD_ADD(s, value)"
>  },
>  "init":{  
> "s":"OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', 
> PROFILE_FIXED(5, 'MINUTES')))"
>  },
>  "foreach":"'global'",
>  "result":"s"
>   },
>   "op":"add"
>}
> ]
> {code}
> The broken configuration is only discovered after dumping the configuration.
> {code}
> $ bin/zk_load_configs.sh -z $ZOOKEEPER -m DUMP -c PROFILER
> Exception in thread "main" java.lang.RuntimeException: Unable to load {
>   "profiles" : {
> "profile" : "sketchy_mad",
> "onlyif" : "true",
> "update" : {
>   "s" : "OUTLIER_MAD_ADD(s, value)"
> },
> "init" : {
>   "s" : "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', 
> PROFILE_FIXED(5, 'MINUTES')))"
> },
> "foreach" : "'global'",
> "result" : "s"
>   }
> }
>   at 
> org.apache.metron.common.configuration.ConfigurationType.lambda$static$4(ConfigurationType.java:68)
>   at 
> org.apache.metron.common.configuration.ConfigurationType.deserialize(ConfigurationType.java:93)
>   at 
> org.apache.metron.common.configuration.ConfigurationsUtils.lambda$dumpConfigs$6(ConfigurationsUtils.java:621)
>   at 
> org.apache.metron.common.configuration.ConfigurationsUtils.visitConfigs(ConfigurationsUtils.java:575)
>   at 
> org.apache.metron.common.configuration.ConfigurationsUtils.dumpConfigs(ConfigurationsUtils.java:619)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.dump(ConfigurationManager.java:189)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.run(ConfigurationManager.java:268)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.run(ConfigurationManager.java:243)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.main(ConfigurationManager.java:355)
> Caused by: org.apache.metron.jackson.databind.JsonMappingException: Can not 
> deserialize instance of java.util.ArrayList out of START_OBJECT token
>  at [Source: {
>   "profiles" : {
> "profile" : "sketchy_mad",
> "onlyif" : "true",
> "update" : {
>   "s" : "OUTLIER_MAD_ADD(s, value)"
> },
> "init" : {
>   "s" : "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', 
> PROFILE_FIXED(5, 'MINUTES')))"
> },
> "foreach" : "'global'",
> "result" : "s"
>   }
> }; line: 2, column: 16] (through reference chain: 
> org.apache.metron.common.configuration.profiler.ProfilerConfig["profiles"])
>   at 
> org.apache.metron.jackson.databind.JsonMappingException.from(JsonMappingException.java:255)
>   at 
> org.apache.metron.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:971)
>   at 
> org.apache.metron.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:967)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.handleNonArray(CollectionDeserializer.java:327)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:259)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:249)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:26)
>   at 
> org.apache.metron.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:490)
>   at 
> org.apache.metron.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:95)
>   at 
> org.apache.metron.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:260)
>   at 
> org.apache.metron.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:125)
>   at 
> 

[jira] [Updated] (METRON-1336) Patching Can Result in Bad Configuration

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1336:
---
Affects Version/s: 0.4.1

> Patching Can Result in Bad Configuration
> 
>
> Key: METRON-1336
> URL: https://issues.apache.org/jira/browse/METRON-1336
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When applying a patch with `zk_load_configs` the resulting configuration can 
> be invalid.  The resulting configuration should be validated so that a patch 
> can never result in an invalid configuration.
> For example, applying the following patch with `zk_load_config` to the 
> Profiler yields a broken Profiler configuration.
> {code}
> [  
>{  
>   "path":"profiles",
>   "value":{  
>  "profile":"sketchy_mad",
>  "onlyif":"true",
>  "update":{  
> "s":"OUTLIER_MAD_ADD(s, value)"
>  },
>  "init":{  
> "s":"OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', 
> PROFILE_FIXED(5, 'MINUTES')))"
>  },
>  "foreach":"'global'",
>  "result":"s"
>   },
>   "op":"add"
>}
> ]
> {code}
> The broken configuration is only discovered after dumping the configuration.
> {code}
> $ bin/zk_load_configs.sh -z $ZOOKEEPER -m DUMP -c PROFILER
> Exception in thread "main" java.lang.RuntimeException: Unable to load {
>   "profiles" : {
> "profile" : "sketchy_mad",
> "onlyif" : "true",
> "update" : {
>   "s" : "OUTLIER_MAD_ADD(s, value)"
> },
> "init" : {
>   "s" : "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', 
> PROFILE_FIXED(5, 'MINUTES')))"
> },
> "foreach" : "'global'",
> "result" : "s"
>   }
> }
>   at 
> org.apache.metron.common.configuration.ConfigurationType.lambda$static$4(ConfigurationType.java:68)
>   at 
> org.apache.metron.common.configuration.ConfigurationType.deserialize(ConfigurationType.java:93)
>   at 
> org.apache.metron.common.configuration.ConfigurationsUtils.lambda$dumpConfigs$6(ConfigurationsUtils.java:621)
>   at 
> org.apache.metron.common.configuration.ConfigurationsUtils.visitConfigs(ConfigurationsUtils.java:575)
>   at 
> org.apache.metron.common.configuration.ConfigurationsUtils.dumpConfigs(ConfigurationsUtils.java:619)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.dump(ConfigurationManager.java:189)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.run(ConfigurationManager.java:268)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.run(ConfigurationManager.java:243)
>   at 
> org.apache.metron.common.cli.ConfigurationManager.main(ConfigurationManager.java:355)
> Caused by: org.apache.metron.jackson.databind.JsonMappingException: Can not 
> deserialize instance of java.util.ArrayList out of START_OBJECT token
>  at [Source: {
>   "profiles" : {
> "profile" : "sketchy_mad",
> "onlyif" : "true",
> "update" : {
>   "s" : "OUTLIER_MAD_ADD(s, value)"
> },
> "init" : {
>   "s" : "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', 
> PROFILE_FIXED(5, 'MINUTES')))"
> },
> "foreach" : "'global'",
> "result" : "s"
>   }
> }; line: 2, column: 16] (through reference chain: 
> org.apache.metron.common.configuration.profiler.ProfilerConfig["profiles"])
>   at 
> org.apache.metron.jackson.databind.JsonMappingException.from(JsonMappingException.java:255)
>   at 
> org.apache.metron.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:971)
>   at 
> org.apache.metron.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:967)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.handleNonArray(CollectionDeserializer.java:327)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:259)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:249)
>   at 
> org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:26)
>   at 
> org.apache.metron.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:490)
>   at 
> org.apache.metron.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:95)
>   at 
> org.apache.metron.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:260)
>   at 
> org.apache.metron.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:125)
>   at 
> 

[jira] [Updated] (METRON-1334) Add C++11 Compliance Check to 'platform-info.sh'

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1334:
---
Affects Version/s: 0.4.1

> Add C++11 Compliance Check to 'platform-info.sh'
> 
>
> Key: METRON-1334
> URL: https://issues.apache.org/jira/browse/METRON-1334
> Project: Metron
>  Issue Type: Sub-task
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> Some of the module dependencies for the Management and Alerts UI must be 
> built natively on the host. This requires a C/C++ compiler. In addition, some 
> of the dependencies require a C++11 compliant compiler. This is causing 
> problems for users who attempt to build Metron on a system with an older 
> version of GCC, like CentOS 6.
> Not having a C++11 compliant compiler can cause some non-obvious error 
> messages when the build fails. This adds a version check for GCC and also a 
> C++11 compliance check. The compiler itself must be on the user's PATH, which 
> is what the Node modules also require.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1338) Rat Check Should Ignore Vagrant Retry Files

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1338:
---
Fix Version/s: (was: 0.4.1)
   0.4.2

> Rat Check Should Ignore Vagrant Retry Files
> ---
>
> Key: METRON-1338
> URL: https://issues.apache.org/jira/browse/METRON-1338
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
>Priority: Trivial
> Fix For: 0.4.2
>
>
> When Vagrant fails, it generates a *.retry file.  These files are ignored by 
> Git, but will unnecessarily fail a build because of the Rat check.  This has 
> annoyed me to no end.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1334) Add C++11 Compliance Check to 'platform-info.sh'

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1334:
---
Fix Version/s: (was: 0.4.1)
   0.4.2

> Add C++11 Compliance Check to 'platform-info.sh'
> 
>
> Key: METRON-1334
> URL: https://issues.apache.org/jira/browse/METRON-1334
> Project: Metron
>  Issue Type: Sub-task
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> Some of the module dependencies for the Management and Alerts UI must be 
> built natively on the host. This requires a C/C++ compiler. In addition, some 
> of the dependencies require a C++11 compliant compiler. This is causing 
> problems for users who attempt to build Metron on a system with an older 
> version of GCC, like CentOS 6.
> Not having a C++11 compliant compiler can cause some non-obvious error 
> messages when the build fails. This adds a version check for GCC and also a 
> C++11 compliance check. The compiler itself must be on the user's PATH, which 
> is what the Node modules also require.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1338) Rat Check Should Ignore Vagrant Retry Files

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1338:
---
Affects Version/s: 0.4.1

> Rat Check Should Ignore Vagrant Retry Files
> ---
>
> Key: METRON-1338
> URL: https://issues.apache.org/jira/browse/METRON-1338
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
>Priority: Trivial
> Fix For: 0.4.2
>
>
> When Vagrant fails, it generates a *.retry file.  These files are ignored by 
> Git, but will unnecessarily fail a build because of the Rat check.  This has 
> annoyed me to no end.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1310) "Template Delete" Action Deletes Search Indices

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1310:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> "Template Delete" Action Deletes Search Indices
> ---
>
> Key: METRON-1310
> URL: https://issues.apache.org/jira/browse/METRON-1310
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The "Elasticsearch Template Delete" service action available within the 
> Indexing service actually deletes the search indices, rather than just 
> deleting the template definitions themselves.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1301) Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1301:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records
> -
>
> Key: METRON-1301
> URL: https://issues.apache.org/jira/browse/METRON-1301
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
> Attachments: 01-Alerts-UI-default-view.png, 02-Sort-on-Score-field.png
>
>
> Sorting on a field like threat triage score in the Alerts UI removes any 
> records that do not have a threat triage score defined from the search 
> results.
> For example, I have 7 records when sorted by timestamp.  All 7 records have a 
> timestamp field.
> After sorting by score (threat triage score) there are only 5 records.  The 2 
> records missing a threat triage score are no longer included.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1311) Service Check Should Check Elasticsearch Index Templates

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1311:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> Service Check Should Check Elasticsearch Index Templates
> 
>
> Key: METRON-1311
> URL: https://issues.apache.org/jira/browse/METRON-1311
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The Service Check in Ambari does not validate that the Elasticsearch index 
> templates have been installed.  Without these index templates bad things can 
> happen.  For example, the Alerts UI will not be able to display any alerts.
> The Elasticsearch index templates that are installed by Ambari should also be 
> checked as part of the Metron Service Check.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1295) Unable to Configure Logging for REST API

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1295:
---
Fix Version/s: 0.4.2

> Unable to Configure Logging for REST API
> 
>
> Key: METRON-1295
> URL: https://issues.apache.org/jira/browse/METRON-1295
> Project: Metron
>  Issue Type: Bug
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> I have not been able to configure logging for the REST API.  To replicate, 
> create a log4j configuration file, then add the following to "Metron JVM 
> Flags" in Ambari > Metron > Config.
> {code}
> -Dlog4j.debug 
> -Dlog4j.configuration=file:/usr/metron/0.4.2/config/log4j.properties
> {code}
> This will result in the following exception when Log4j initializes.
> {code}
> log4j: Using URL [file:/usr/metron/0.4.2/config/log4j.properties] for 
> automatic log4j configuration.
> log4j: Reading configuration from URL 
> file:/usr/metron/0.4.2/config/log4j.properties
> log4j: Parsing for [root] with value=[INFO, file].
> log4j: Level token is [INFO].
> log4j: Category root set to INFO
> log4j: Parsing appender named "file".
> log4j:ERROR A "org.apache.log4j.RollingFileAppender" object is not assignable 
> to a "org.apache.hadoop.hbase.shaded.org.apache.log4j.Appender" variable.
> log4j:ERROR The class 
> "org.apache.hadoop.hbase.shaded.org.apache.log4j.Appender" was loaded by
> log4j:ERROR [sun.misc.Launcher$AppClassLoader@5c647e05] whereas object of type
> log4j:ERROR "org.apache.log4j.RollingFileAppender" was loaded by 
> [sun.misc.Launcher$AppClassLoader@5c647e05].
> log4j:ERROR Could not instantiate appender named "file".
> log4j: Finished configuring.
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1266) Profiler - SASL Authentication Failed

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1266:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> Profiler - SASL Authentication Failed
> -
>
> Key: METRON-1266
> URL: https://issues.apache.org/jira/browse/METRON-1266
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When running the Profiler on a cluster that has multiple nodes and is secured 
> by Kerberos, it was observed that the HBaseBolt was unable to write to HBase. 
>  The Storm worker running the HBaseBolt logged the following exception.  This 
> does not occur all the time and does not occur in all environments.
> {code}
> 2017-10-19 14:51:00.146 o.a.h.h.i.AbstractRpcClient [ERROR] SASL 
> authentication failed. The most likely cause is missing or invalid 
> credentials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed
>   at 
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
>  ~[?:1.8.0_144]
>   at 
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:179)
>  ~[stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:609)
>  ~[stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.java:154)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:735)
>  ~[stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:732)
>  ~[stormjar.jar:?]
>   at java.security.AccessController.doPrivileged(Native Method) 
> ~[?:1.8.0_144]
>   at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_144]
>   at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>  ~[stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:732)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:885)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:854)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1180) 
> [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:213)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:287)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:32651)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.ClientSmallScanner$SmallScannerCallable.call(ClientSmallScanner.java:201)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.ClientSmallScanner$SmallScannerCallable.call(ClientSmallScanner.java:180)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:200)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:369)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:343)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126)
>  [stormjar.jar:?]
>   at 
> org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:64)
>  [stormjar.jar:?]
>   at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  [?:1.8.0_144]
>   at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  [?:1.8.0_144]
>   at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided 
> (Mechanism level: Failed to find any Kerberos tgt)
>   at 
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>  ~[?:1.8.0_144]
>   at 
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
>  ~[?:1.8.0_144]
>   at 
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>  ~[?:1.8.0_144]
>   at 
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224) 
> ~[?:1.8.0_144]
>   at 
> 

[jira] [Updated] (METRON-1226) Searching Can Errantly Query the Wrong Indices

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1226:
---
Affects Version/s: 0.4.1

> Searching Can Errantly Query the Wrong Indices
> --
>
> Key: METRON-1226
> URL: https://issues.apache.org/jira/browse/METRON-1226
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The ElasticsearchDAO can errantly query the wrong indices under certain 
> conditions.  This can occur when there are at least two different sensors 
> that have been configured with a similar name prefix.
> For example, if you have have configured both a "snort" and "snort_v2" 
> sensor, the query generated by the ElasticsearchDAO will hit both of those 
> indices, when in fact only one or the other is desired.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1260) Include Alerts UI in Ambari Service Check

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1260:
---
Fix Version/s: 0.4.2

> Include Alerts UI in Ambari Service Check
> -
>
> Key: METRON-1260
> URL: https://issues.apache.org/jira/browse/METRON-1260
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The Alerts UI is not currently included in the Metron Service Check that is a 
> part of the Ambari MPack.  This should be added.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1260) Include Alerts UI in Ambari Service Check

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1260:
---
Affects Version/s: 0.4.1

> Include Alerts UI in Ambari Service Check
> -
>
> Key: METRON-1260
> URL: https://issues.apache.org/jira/browse/METRON-1260
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The Alerts UI is not currently included in the Metron Service Check that is a 
> part of the Ambari MPack.  This should be added.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1226) Searching Can Errantly Query the Wrong Indices

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1226:
---
Fix Version/s: 0.4.2

> Searching Can Errantly Query the Wrong Indices
> --
>
> Key: METRON-1226
> URL: https://issues.apache.org/jira/browse/METRON-1226
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The ElasticsearchDAO can errantly query the wrong indices under certain 
> conditions.  This can occur when there are at least two different sensors 
> that have been configured with a similar name prefix.
> For example, if you have have configured both a "snort" and "snort_v2" 
> sensor, the query generated by the ElasticsearchDAO will hit both of those 
> indices, when in fact only one or the other is desired.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1194) Add Profiler Debug Functions to Profiler README

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1194:
---
Fix Version/s: 0.4.2

> Add Profiler Debug Functions to Profiler README
> ---
>
> Key: METRON-1194
> URL: https://issues.apache.org/jira/browse/METRON-1194
> Project: Metron
>  Issue Type: Improvement
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> The Profiler Debugging functions provide a simple means for users to get up 
> and running with the Profiler.  Update the README to use this new 
> functionality to introduce new users to these functions.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1156) Simulate Triage Rules in the Stellar REPL

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1156:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> Simulate Triage Rules in the Stellar REPL
> -
>
> Key: METRON-1156
> URL: https://issues.apache.org/jira/browse/METRON-1156
> Project: Metron
>  Issue Type: New Feature
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> Troubleshooting issues when programming against a live stream of data is 
> difficult. It would be useful to have a means to run the entire threat triage 
> process within the REPL before deploying your rule set on a Metron cluster.  
> This creates a set of functions to allow simulation of Threat Triage inside 
> of the Stellar REPL.  This is useful for creating new triage rules, debugging 
> existing triage rules, and to iterate quickly when testing rule sets.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1156) Simulate Triage Rules in the Stellar REPL

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1156:
---
Affects Version/s: 0.4.1

> Simulate Triage Rules in the Stellar REPL
> -
>
> Key: METRON-1156
> URL: https://issues.apache.org/jira/browse/METRON-1156
> Project: Metron
>  Issue Type: New Feature
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> Troubleshooting issues when programming against a live stream of data is 
> difficult. It would be useful to have a means to run the entire threat triage 
> process within the REPL before deploying your rule set on a Metron cluster.  
> This creates a set of functions to allow simulation of Threat Triage inside 
> of the Stellar REPL.  This is useful for creating new triage rules, debugging 
> existing triage rules, and to iterate quickly when testing rule sets.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1198) Pycapa - No such configuration property: "sasl.kerberos.principal"

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1198:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> Pycapa - No such configuration property: "sasl.kerberos.principal"
> --
>
> Key: METRON-1198
> URL: https://issues.apache.org/jira/browse/METRON-1198
> Project: Metron
>  Issue Type: Improvement
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When running pycapa in a Kerberized environment, but without a version of 
> librdkafka built with SASL support, it can produce error messages that 
> look-like the following.
> {code}
> KafkaError{code=_INVALID_ARG,val=-186,str="No such configuration property: 
> "sasl.kerberos.principal""}
> {code}
> This can happen when a user accidentally installs multiple version of 
> librdkafka and the version that the Python interpreter links to is the one 
> without SASL support.
> I am going to update the README to doc this specific condition.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1187) Indexing/Profiler Kafka ACL Groups Not Setup Correctly

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1187:
---
Affects Version/s: (was: 0.4.0)
   0.4.1

> Indexing/Profiler Kafka ACL Groups Not Setup Correctly
> --
>
> Key: METRON-1187
> URL: https://issues.apache.org/jira/browse/METRON-1187
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When kerberizing Metron using the MPack, either the Profiler or the Indexing 
> Kafka ACL groups will not authorize the 'metron' user.  This will only work 
> correctly for the component which is executed first.
> This can lead to an error in either the Profiler or Indexing topology that 
> looks like the following.
> {code}
> 2017-09-14 07:29:52.984 o.a.s.util [ERROR] Async loop died!
> org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to 
> access group: indexing
> {code}
> Manually checking confirms the problem.
> {code}
> [root@XXX ambari-server]# /usr/hdp/current/kafka-broker/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=${ZOOKEEPER} --list
> [2017-09-14 12:09:26,284] WARN read null data from 
> /kafka-acl-changes/acl_changes_04 when processing notification 
> acl_changes_04 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,304] WARN read null data from 
> /kafka-acl-changes/acl_changes_05 when processing notification 
> acl_changes_05 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,315] WARN read null data from 
> /kafka-acl-changes/acl_changes_06 when processing notification 
> acl_changes_06 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,321] WARN read null data from 
> /kafka-acl-changes/acl_changes_07 when processing notification 
> acl_changes_07 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,323] WARN read null data from 
> /kafka-acl-changes/acl_changes_08 when processing notification 
> acl_changes_08 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,325] WARN read null data from 
> /kafka-acl-changes/acl_changes_09 when processing notification 
> acl_changes_09 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,327] WARN read null data from 
> /kafka-acl-changes/acl_changes_10 when processing notification 
> acl_changes_10 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,337] WARN read null data from 
> /kafka-acl-changes/acl_changes_11 when processing notification 
> acl_changes_11 (kafka.common.ZkNodeChangeNotificationListener)
> Current ACLs for resource `Group:bro_parser`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:ambari_kafka_service_check`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:profiler`:
>   User:metron has Allow permission for operations: All from hosts: *
> [2017-09-14 12:09:26,349] WARN read null data from 
> /kafka-acl-changes/acl_changes_12 when processing notification 
> acl_changes_12 (kafka.common.ZkNodeChangeNotificationListener)
> Current ACLs for resource `Group:metron-rest`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:enrichments`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:snort`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:yaf`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:enrichments`:
>   User:metron has Allow permission for operations: All from hosts: *
> [2017-09-14 12:09:26,351] WARN read null data from 
> /kafka-acl-changes/acl_changes_13 when processing notification 
> acl_changes_13 (kafka.common.ZkNodeChangeNotificationListener)
> Current ACLs for resource `Topic:__consumer_offsets`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:bro`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:escalation`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:yaf_parser`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:snort_parser`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current 

[jira] [Updated] (METRON-1187) Indexing/Profiler Kafka ACL Groups Not Setup Correctly

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1187:
---
Fix Version/s: (was: Next + 1)
   0.4.2

> Indexing/Profiler Kafka ACL Groups Not Setup Correctly
> --
>
> Key: METRON-1187
> URL: https://issues.apache.org/jira/browse/METRON-1187
> Project: Metron
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When kerberizing Metron using the MPack, either the Profiler or the Indexing 
> Kafka ACL groups will not authorize the 'metron' user.  This will only work 
> correctly for the component which is executed first.
> This can lead to an error in either the Profiler or Indexing topology that 
> looks like the following.
> {code}
> 2017-09-14 07:29:52.984 o.a.s.util [ERROR] Async loop died!
> org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to 
> access group: indexing
> {code}
> Manually checking confirms the problem.
> {code}
> [root@XXX ambari-server]# /usr/hdp/current/kafka-broker/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=${ZOOKEEPER} --list
> [2017-09-14 12:09:26,284] WARN read null data from 
> /kafka-acl-changes/acl_changes_04 when processing notification 
> acl_changes_04 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,304] WARN read null data from 
> /kafka-acl-changes/acl_changes_05 when processing notification 
> acl_changes_05 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,315] WARN read null data from 
> /kafka-acl-changes/acl_changes_06 when processing notification 
> acl_changes_06 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,321] WARN read null data from 
> /kafka-acl-changes/acl_changes_07 when processing notification 
> acl_changes_07 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,323] WARN read null data from 
> /kafka-acl-changes/acl_changes_08 when processing notification 
> acl_changes_08 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,325] WARN read null data from 
> /kafka-acl-changes/acl_changes_09 when processing notification 
> acl_changes_09 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,327] WARN read null data from 
> /kafka-acl-changes/acl_changes_10 when processing notification 
> acl_changes_10 (kafka.common.ZkNodeChangeNotificationListener)
> [2017-09-14 12:09:26,337] WARN read null data from 
> /kafka-acl-changes/acl_changes_11 when processing notification 
> acl_changes_11 (kafka.common.ZkNodeChangeNotificationListener)
> Current ACLs for resource `Group:bro_parser`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:ambari_kafka_service_check`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:profiler`:
>   User:metron has Allow permission for operations: All from hosts: *
> [2017-09-14 12:09:26,349] WARN read null data from 
> /kafka-acl-changes/acl_changes_12 when processing notification 
> acl_changes_12 (kafka.common.ZkNodeChangeNotificationListener)
> Current ACLs for resource `Group:metron-rest`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:enrichments`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:snort`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:yaf`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:enrichments`:
>   User:metron has Allow permission for operations: All from hosts: *
> [2017-09-14 12:09:26,351] WARN read null data from 
> /kafka-acl-changes/acl_changes_13 when processing notification 
> acl_changes_13 (kafka.common.ZkNodeChangeNotificationListener)
> Current ACLs for resource `Topic:__consumer_offsets`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:bro`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Topic:escalation`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:yaf_parser`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs for resource `Group:snort_parser`:
>   User:metron has Allow permission for operations: All from hosts: *
> Current ACLs 

[jira] [Updated] (METRON-1183) Improve KDC Setup Instructions

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1183:
---
Affects Version/s: (was: 0.3.1)
   0.4.1

> Improve KDC Setup Instructions
> --
>
> Key: METRON-1183
> URL: https://issues.apache.org/jira/browse/METRON-1183
> Project: Metron
>  Issue Type: Improvement
>Affects Versions: 0.4.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> I use the instructions that we have in Kerberos-ambari-setup.md and 
> Kerberos-manual-setup.md all the time when testing under Kerberization.  
> There are a few changes that could make it easier to grok and copy/paste as 
> needed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1183) Improve KDC Setup Instructions

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1183:
---
Affects Version/s: (was: 0.4.0)
   0.3.1

> Improve KDC Setup Instructions
> --
>
> Key: METRON-1183
> URL: https://issues.apache.org/jira/browse/METRON-1183
> Project: Metron
>  Issue Type: Improvement
>Affects Versions: 0.3.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.0
>
>
> I use the instructions that we have in Kerberos-ambari-setup.md and 
> Kerberos-manual-setup.md all the time when testing under Kerberization.  
> There are a few changes that could make it easier to grok and copy/paste as 
> needed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1183) Improve KDC Setup Instructions

[Nick Allen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Allen updated METRON-1183:
---
Fix Version/s: (was: Next + 1)
   0.4.0

> Improve KDC Setup Instructions
> --
>
> Key: METRON-1183
> URL: https://issues.apache.org/jira/browse/METRON-1183
> Project: Metron
>  Issue Type: Improvement
>Affects Versions: 0.3.1
>Reporter: Nick Allen
>Assignee: Nick Allen
> Fix For: 0.4.0
>
>
> I use the instructions that we have in Kerberos-ambari-setup.md and 
> Kerberos-manual-setup.md all the time when testing under Kerberization.  
> There are a few changes that could make it easier to grok and copy/paste as 
> needed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1362) Improve Metron Deployment README

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292733#comment-16292733
 ] 

ASF GitHub Bot commented on METRON-1362:


Github user justinleet commented on a diff in the pull request:

https://github.com/apache/metron/pull/869#discussion_r157238284
  
--- Diff: metron-deployment/README.md ---
@@ -1,175 +1,127 @@
-# Overview
-This set of playbooks can be used to deploy an Ambari-managed Hadoop 
cluster containing Metron services using Ansible. These playbooks target 
RHEL/CentOS 6.x operating
-systems.
-
-Installation consists of -
-- Building Metron tarballs, RPMs and the Ambari MPack
-- Deploying Ambari
-- Leveraging Ambari to install:
-  * The required Hadoop Components
-  * Core Metron (Parsing, Enrichment, Indexing)
-  * Elasticsearch
-  * Kibana
-- Starting All Services
-
-## Prerequisites
-The following tools are required to run these scripts:
-
-- [Maven](https://maven.apache.org/)
-- [Git](https://git-scm.com/)
-- [Ansible](http://www.ansible.com/) (2.0.0.2 or 2.2.2.0)
-- [Docker](https://www.docker.com/) (Docker for Mac on OSX)
-
-These scripts depend on two files for configuration:
-
-- hosts - declares which Ansible roles will be run on which hosts
-- group_vars/all - various configuration settings needed to install Metron
-
-For production use, it is recommended that Metron be installed on an 
existing cluster managed by Ambari as described in the Installing Management 
Pack section below.
-## Ambari
-The Ambari playbook will install a Hadoop cluster including the Metron 
Services (Parsing, Enrichment, Indexing). Ambari will also install 
Elasticsearch and Kibana.
-
-Currently, the playbooks supports building a local development cluster 
running on one node or deploying to a 10 node cluster on AWS EC2.
-
-## Vagrant
-There is a development environment based on Vagrant that is referred to as 
"Full Dev".  This installs the entire Ambari/Metron stack. This is useful in 
testing out changes to the installation procedure.
-
-### Prerequsities
-- Install [Vagrant](https://www.vagrantup.com/) (5.0.16+)
-- Install the Hostmanager plugin for vagrant - Run `vagrant plugin install 
vagrant-hostmanager` on the machine where Vagrant is
-installed
-
-### Full-Dev
-Navigate to `metron/metron-deployment/vagrant/full-dev-platform` and run 
`vagrant up`.
-
-## Ambari Management Pack
-An Ambari Management Pack can be built in order to make the Metron service 
available on top of an existing stack, rather than needing a direct stack 
update.
-
-This will set up
-- Metron Parsers
-- Enrichment
-- Indexing
-- GeoIP data
-- Optional Elasticsearch
-- Optional Kibana
-
-### Prerequisites
+This project contains a variety of tools for deploying Apache Metron.  
Please refer to the following sections for more information on the best way to 
deploy Metron in your environment.
+
+ * [How do I deploy Metron on a single 
VM?](#how-do-i-deploy-metron-on-a-single-vm)
+ * [How do I deploy Metron on a large cluster with 
Ambari?](#how-do-i-deploy-metron-on-a-large-cluster-with-ambari)
+ * [How do I build RPM packages?](#how-do-i-build-rpm-packages)
+ * [How do I build DEB packages?](#how-do-i-build-deb-packages)
+ * [How do I deploy Metron within AWS?](#how-do-i-deploy-metron-within-aws)
+
+## How do I deploy Metron on a single VM?
+
+ Who is this for?
+
+If you are new to Metron and just want to explore the functionality that 
it offers, this is good place to start.  If you are a developer building on 
Metron, then this is also a great way to test out your changes.
+
+ What does this do?
+
+This option will deploy Metron on a virtual machine running on your 
computer.  This is often referred to as the "Full Dev" environment.  
+
+ How do I do it?
+Follow these [instructions to deploy Metron on a single 
VM](vagrant/full-dev-platform/README.md).
+
+ Where can I get more information?
+* [Full Dev Platform](vagrant/full-dev-platform)
+
+## How do I deploy Metron on a large cluster with Ambari?
+
+ Who is this for?
+
+If you want to see how Metron can really scale by deploying it on your own 
hardware, or even in your own cloud-based environment, this is the best option 
for you.
+
+ What does this do?
+
+This creates a Management Pack (MPack) extension for [Apache 
Ambari](https://ambari.apache.org/) that simplifies the provisioning, managing 
and monitoring of Metron on large clusters.  This allows you to easily install 
Metron on a large cluster using a simple, guided process.  This also allows you 
to monitor cluster 

[jira] [Updated] (METRON-1363) Autogenerate Stellar Documentation

[Justin Leet (JIRA)]

 [ 
https://issues.apache.org/jira/browse/METRON-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1363:

Summary: Autogenerate Stellar Documentation  (was: Autogenerate Stellar 
Annotations)

> Autogenerate Stellar Documentation
> --
>
> Key: METRON-1363
> URL: https://issues.apache.org/jira/browse/METRON-1363
> Project: Metron
>  Issue Type: Improvement
>Reporter: Justin Leet
>Assignee: Justin Leet
>
> As discussed in this 
> [thread|https://lists.apache.org/thread.html/c6eefc77475d3aaa3feccff52399483d63bff00fadddbd31ce3f0fc8@%3Cdev.metron.apache.org%3E],
>  it would be nice to autogenerate the Stellar documentation we currently 
> maintain by hand.
> A minimal POC is at https://github.com/justinleet/metron/tree/stellardoc
> Considerations to be addressed
> 1) Consolidation across projects.  Stellar functions live across projects 
> projects, and we should be able to consolidate all of them (without dupes)
> 2) Potentially abstracting generating the markdown from the actual annotation 
> parsing. Given that consolidation across projects might necessitate a second 
> pass anyway, just writing things into some format (e.g. JSON) and generating 
> markdown later may be nice.
> 3) Make sure we don't break current Javadoc.
> 4) Some management of this.  Presumably it can be regenerated whenever and 
> kept in git.
> Nifi apparently also does some of this, so it might be worthwhile to adapt 
> it. 
> https://github.com/apache/nifi/tree/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/main/java/org/apache/nifi/documentation
> For a bit of context, I'd looked at seeing if we could generate something 
> similar to actual Javadocs by piggybacking on their impl, but everything in 
> there is essentially considered purely internal and subject to change for any 
> reason.
> There's also been some discussion of namespace documentation in 
> https://issues.apache.org/jira/browse/METRON-1361, that may affect this, but 
> depending on when that happens, incorporating some of that organization may 
> be follow-on.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (METRON-1363) Autogenerate Stellar Annotations

[Justin Leet (JIRA)]

Justin Leet created METRON-1363:
---

 Summary: Autogenerate Stellar Annotations
 Key: METRON-1363
 URL: https://issues.apache.org/jira/browse/METRON-1363
 Project: Metron
  Issue Type: Improvement
Reporter: Justin Leet
Assignee: Justin Leet


As discussed in this 
[thread|https://lists.apache.org/thread.html/c6eefc77475d3aaa3feccff52399483d63bff00fadddbd31ce3f0fc8@%3Cdev.metron.apache.org%3E],
 it would be nice to autogenerate the Stellar documentation we currently 
maintain by hand.

A minimal POC is at https://github.com/justinleet/metron/tree/stellardoc

Considerations to be addressed
1) Consolidation across projects.  Stellar functions live across projects 
projects, and we should be able to consolidate all of them (without dupes)
2) Potentially abstracting generating the markdown from the actual annotation 
parsing. Given that consolidation across projects might necessitate a second 
pass anyway, just writing things into some format (e.g. JSON) and generating 
markdown later may be nice.
3) Make sure we don't break current Javadoc.
4) Some management of this.  Presumably it can be regenerated whenever and kept 
in git.

Nifi apparently also does some of this, so it might be worthwhile to adapt it. 
https://github.com/apache/nifi/tree/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/main/java/org/apache/nifi/documentation

For a bit of context, I'd looked at seeing if we could generate something 
similar to actual Javadocs by piggybacking on their impl, but everything in 
there is essentially considered purely internal and subject to change for any 
reason.

There's also been some discussion of namespace documentation in 
https://issues.apache.org/jira/browse/METRON-1361, that may affect this, but 
depending on when that happens, incorporating some of that organization may be 
follow-on.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292500#comment-16292500
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196243
  
--- Diff: bundles-maven-plugin/README.md ---
@@ -0,0 +1,230 @@
+
+# Apache Metron Bundle Maven Plugin
+
+Apache Metron Bundles Maven Plugin helps to build Bundles Archives to 
support the classloader isolation model.
+
+## Table of Contents
+
+- [Requirements](#requirements)
+- [Building](#building)
+- [Getting Stared](#getting_started)
+- [Getting Help](#getting-help)
+- [License](#license)
+
+## Requirements
+* JDK 1.7 or higher
+* Apache Maven 3.1.0 or higher
+
+## Building 
+
+Building the bundles-maven-plugin module should be rare since it will be 
released infrequently compared to
+the main 'metron' code tree.
+
+- Build with `mvn clean install`
+- Presuming you need to make use of changes to the bundles-maven-plugin 
module, you should next
+  go to the [metron](../metron) directory and follow its instructions. 
+
+## Getting Started
+
+While it is most likely
+that a maven archetype is being utilized to create bundles, as part of a 
toolkit etc, you may want to create on manually, or may need to create a 
project for use in an archetype.
+
+The plugin is utilized by setting the packaging of a maven module to 
'bundle'.
+
+```xml
+bundle
+```
+
+This means that when you package this module, any of it's non-provided 
dependencies will be packaged into the produced bundle ( and all of their 
non-provided dependencies as well).
+Since a library may not always be distributed as part of a bundle with all 
it's dependencies, the bundle module
+shall be a separate module from the actual classes and dependencies to be 
bundled.
+
+A very simple example layout for a project that utilizes bundles would be:
+
+```bash
+├── README.md
+├── pom.xml
+├── testapp
+│   ├── pom.xml
+│   ├── src
+│   │   ├── main
+│   │   │   └── java
+│   │   │   └── org
+│   │   │   └── apache
+│   │   │   └── test
+│   │   │   └── App.java
+│   │   └── test
+│   │   └── java
+│   │   └── org
+│   │   └── apache
+│   │   └── test
+│   │   └── AppTest.java
+└── testappbundle
+├── pom.xml
+```
+Where testappbundle is the bundle module that creates a bundle of testapp, 
and contains the following pom.xml:
+```xml
+
+http://maven.apache.org/POM/4.0.0;
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
+  
+test.bundles.plugin
+org.apache.test
+1.0-SNAPSHOT
+  
+  4.0.0
+
+  test.app.bundle
+
+  
+  bundle
+  
+  
+  
+
+  org.apache.test
+  test.app
+  1.0-SNAPSHOT
+
+  
+
+  
+  
+
+  
+
+  org.apache.metron
+  bundles-maven-plugin
+  0.4.2
+  true
+  
+  
+
+  
+
+
+  
+org.apache.metron
+bundles-maven-plugin
+0.4.2
+true
+  
+
+  
+
+```
+When the module is packaged, it packages all of it's  non-provided 
dependencies into the bundles /bundled-dependencies directory.
+Thus, to create a bundle of a module's jar and that jar's non-provided 
dependencies, you add that module to your
+bundle modules dependencies.  You can unzip and examine the bundle in the 
target directory, and verify 
+it's contents, which should be similar to :
+
+```bash
+-> % tree .
+.
+└── META-INF
+├── MANIFEST.MF
+├── bundled-dependencies
+│   ├── log4j-1.2.17.jar
+│   ├── metron-common-0.4.1.jar
+│   ├── slf4j-api-1.7.7.jar
+│   ├── slf4j-log4j12-1.7.7.jar
+│   └── test.app-1.0-SNAPSHOT.jar
+└── maven
+└── org.apache.test
+└── test.app.bundle
+├── pom.properties
+└── pom.xml
+```
+
+This reflects the testapp project, which has these dependencies :
+
+```xml
+
+
+  org.apache.metron
+  metron-common
+  0.4.1
+
+
+  junit
+  junit
+  3.8.1
+  test
+
+  
+```
+metron-common 

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292503#comment-16292503
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196122
  
--- Diff: bundles-maven-plugin/NOTICE ---
@@ -0,0 +1,8 @@
+Apache NiFi
+Copyright 2014-2017 The Apache Software Foundation
+
+Apache Metron
+Copyright 2015-2017 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
--- End diff --

`s/http/https`?


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292506#comment-16292506
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196478
  
--- Diff: bundles-maven-plugin/pom.xml ---
@@ -0,0 +1,328 @@
+
+
+http://maven.apache.org/POM/4.0.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
+4.0.0
+
+org.apache
+apache
+17
+
+
+org.apache.metron
+bundles-maven-plugin
+0.4.2
+maven-plugin
+Apache Metron Bundles Maven Plugin
+http://metron.apache.org
+
+Apache Metron Project
+http://metron.apache.org/
+
+
+
+Apache License, Version 2.0
+http://www.apache.org/licenses/LICENSE-2.0
--- End diff --

`s/http/https/`


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292502#comment-16292502
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157197191
  
--- Diff: bundles-maven-plugin/README.md ---
@@ -0,0 +1,230 @@
+
+# Apache Metron Bundle Maven Plugin
+
+Apache Metron Bundles Maven Plugin helps to build Bundles Archives to 
support the classloader isolation model.
+
+## Table of Contents
+
+- [Requirements](#requirements)
+- [Building](#building)
+- [Getting Stared](#getting_started)
+- [Getting Help](#getting-help)
+- [License](#license)
+
+## Requirements
+* JDK 1.7 or higher
+* Apache Maven 3.1.0 or higher
+
+## Building 
+
+Building the bundles-maven-plugin module should be rare since it will be 
released infrequently compared to
+the main 'metron' code tree.
+
+- Build with `mvn clean install`
+- Presuming you need to make use of changes to the bundles-maven-plugin 
module, you should next
+  go to the [metron](../metron) directory and follow its instructions. 
--- End diff --

Broken link.  Not positive offhand how to fix in a way that also works in 
the site-book, I need to take another look later.  Just noting for now.


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292504#comment-16292504
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196275
  
--- Diff: bundles-maven-plugin/README.md ---
@@ -0,0 +1,230 @@
+
+# Apache Metron Bundle Maven Plugin
+
+Apache Metron Bundles Maven Plugin helps to build Bundles Archives to 
support the classloader isolation model.
+
+## Table of Contents
+
+- [Requirements](#requirements)
+- [Building](#building)
+- [Getting Stared](#getting_started)
+- [Getting Help](#getting-help)
+- [License](#license)
+
+## Requirements
+* JDK 1.7 or higher
+* Apache Maven 3.1.0 or higher
+
+## Building 
+
+Building the bundles-maven-plugin module should be rare since it will be 
released infrequently compared to
+the main 'metron' code tree.
+
+- Build with `mvn clean install`
+- Presuming you need to make use of changes to the bundles-maven-plugin 
module, you should next
+  go to the [metron](../metron) directory and follow its instructions. 
+
+## Getting Started
+
+While it is most likely
+that a maven archetype is being utilized to create bundles, as part of a 
toolkit etc, you may want to create on manually, or may need to create a 
project for use in an archetype.
+
+The plugin is utilized by setting the packaging of a maven module to 
'bundle'.
+
+```xml
+bundle
+```
+
+This means that when you package this module, any of it's non-provided 
dependencies will be packaged into the produced bundle ( and all of their 
non-provided dependencies as well).
+Since a library may not always be distributed as part of a bundle with all 
it's dependencies, the bundle module
+shall be a separate module from the actual classes and dependencies to be 
bundled.
+
+A very simple example layout for a project that utilizes bundles would be:
+
+```bash
+├── README.md
+├── pom.xml
+├── testapp
+│   ├── pom.xml
+│   ├── src
+│   │   ├── main
+│   │   │   └── java
+│   │   │   └── org
+│   │   │   └── apache
+│   │   │   └── test
+│   │   │   └── App.java
+│   │   └── test
+│   │   └── java
+│   │   └── org
+│   │   └── apache
+│   │   └── test
+│   │   └── AppTest.java
+└── testappbundle
+├── pom.xml
+```
+Where testappbundle is the bundle module that creates a bundle of testapp, 
and contains the following pom.xml:
+```xml
+
+http://maven.apache.org/POM/4.0.0;
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
+  
+test.bundles.plugin
+org.apache.test
+1.0-SNAPSHOT
+  
+  4.0.0
+
+  test.app.bundle
+
+  
+  bundle
+  
+  
+  
+
+  org.apache.test
+  test.app
+  1.0-SNAPSHOT
+
+  
+
+  
+  
+
+  
+
+  org.apache.metron
+  bundles-maven-plugin
+  0.4.2
+  true
+  
+  
+
+  
+
+
+  
+org.apache.metron
+bundles-maven-plugin
+0.4.2
+true
+  
+
+  
+
+```
+When the module is packaged, it packages all of it's  non-provided 
dependencies into the bundles /bundled-dependencies directory.
+Thus, to create a bundle of a module's jar and that jar's non-provided 
dependencies, you add that module to your
+bundle modules dependencies.  You can unzip and examine the bundle in the 
target directory, and verify 
+it's contents, which should be similar to :
+
+```bash
+-> % tree .
+.
+└── META-INF
+├── MANIFEST.MF
+├── bundled-dependencies
+│   ├── log4j-1.2.17.jar
+│   ├── metron-common-0.4.1.jar
+│   ├── slf4j-api-1.7.7.jar
+│   ├── slf4j-log4j12-1.7.7.jar
+│   └── test.app-1.0-SNAPSHOT.jar
+└── maven
+└── org.apache.test
+└── test.app.bundle
+├── pom.properties
+└── pom.xml
+```
+
+This reflects the testapp project, which has these dependencies :
+
+```xml
+
+
+  org.apache.metron
+  metron-common
+  0.4.1
+
+
+  junit
+  junit
+  3.8.1
+  test
+
+  
+```
+metron-common 

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292505#comment-16292505
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196342
  
--- Diff: bundles-maven-plugin/pom.xml ---
@@ -0,0 +1,328 @@
+
+
+http://maven.apache.org/POM/4.0.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
+4.0.0
+
+org.apache
+apache
+17
+
+
+org.apache.metron
+bundles-maven-plugin
+0.4.2
+maven-plugin
+Apache Metron Bundles Maven Plugin
+http://metron.apache.org
--- End diff --

`s/http/https/`


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292501#comment-16292501
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196527
  
--- Diff: metron-bundles/bundles-lib/pom.xml ---
@@ -0,0 +1,185 @@
+
+
+
+http://maven.apache.org/POM/4.0.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
+4.0.0
+
+org.apache.metron
+metron-bundles
+0.4.2
+
+
+bundles-lib
+jar
+
+
+
+The Apache Software License, Version 2.0
+http://www.apache.org/licenses/LICENSE-2.0.txt
--- End diff --

`s/http/https/`


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292507#comment-16292507
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196378
  
--- Diff: bundles-maven-plugin/pom.xml ---
@@ -0,0 +1,328 @@
+
+
+http://maven.apache.org/POM/4.0.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
+4.0.0
+
+org.apache
+apache
+17
+
+
+org.apache.metron
+bundles-maven-plugin
+0.4.2
+maven-plugin
+Apache Metron Bundles Maven Plugin
+http://metron.apache.org
+
+Apache Metron Project
+http://metron.apache.org/
--- End diff --

`s/http/https/`


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292498#comment-16292498
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157196009
  
--- Diff: 
metron-bundles/bundles-lib/src/main/java/org/apache/metron/bundles/VfsBundleClassLoaderResource.java
 ---
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
--- End diff --

I think there's an extraneous space before http in this comment block.


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (METRON-1212) Bundles and Maven Plugin

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292499#comment-16292499
 ] 

ASF GitHub Bot commented on METRON-1212:


Github user JonZeolla commented on a diff in the pull request:

https://github.com/apache/metron/pull/865#discussion_r157194648
  
--- Diff: bundles-maven-plugin/README.md ---
@@ -0,0 +1,230 @@
+
+# Apache Metron Bundle Maven Plugin
+
+Apache Metron Bundles Maven Plugin helps to build Bundles Archives to 
support the classloader isolation model.
+
+## Table of Contents
+
+- [Requirements](#requirements)
+- [Building](#building)
+- [Getting Stared](#getting_started)
--- End diff --

Change to

\[Getting Started\](#getting-started)

then insert below

\[Quickstart\](#quickstart)
\[Settings and configuration\](#settings-and-configuration)


> Bundles and Maven Plugin
> 
>
> Key: METRON-1212
> URL: https://issues.apache.org/jira/browse/METRON-1212
> Project: Metron
>  Issue Type: Sub-task
>Reporter: Otto Fowler
>Assignee: Otto Fowler
>  Labels: metron-feature-canidate, 
> metron-feature-extensions-parsers
>
> The first effort will be to land the bundle system and supporting maven 
> plugin on master



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)