Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/531
So we are going to close this?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/687
Bump @cestella
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/526
@iraghumitra what is the story with this?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/687
I have renamed in preparation for the Feature branch based on the original
jira ( create a new subtask to land this on feature and change to that ID )
---
Github user ottobackwards closed the pull request at:
https://github.com/apache/metron/pull/687
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1014
@cestella I rebased this on the new feature branch ( after rebasing on the
same master ) and I get all of these other commits. I don't know how to get
rid of them?
---
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1014
METRON-1563 : Base Stellar assign for feature branch
repackage:
https://github.com/apache/metron/pull/687
Please sanity check and see that PR
You can merge this pull request
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/754
@as22323 I need a real name to use in the commit
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/687
Ok, so we are on the same page. I purposely did not put the update in the
map resolver because I knew it warranted more discussion etc, and this is it.
I just wasn't sure I was understanding
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/754
+1 - i'll merge
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/754
Thanks for the contribution! Please take care of the Jira
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/687
I don't quite get what you are saying. I can't wrap my head around it. If
you look at the example from the PR description under concept, that doesn't
work without the resolver being updated
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1009
I think this is good. My work on the builder/Processor stuff was a decent
attempt to reduce duplicate code in the integration tests without a total
rethink. I think what we see across
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1009
+1
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1019
This pr is against the feature branch @JonZeolla so, it is not in play
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/973
- Followed the steps ( we need a docker cheat sheet for deleting existing
old machine/containers btw )
- ran the install/integration-test
not sure it is related:
```bash
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1014
ok, @cestella I have fixed up the feature branch and this pr so it is clean
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1015
Is there not some relevant Caffeine test we can ape for this?
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r189861295
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r189862557
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/utils/ConcatMap.java
---
@@ -0,0 +1,202
Github user ottobackwards commented on the pull request:
https://github.com/apache/metron/commit/2038df3c692effafc584ef32e2eb84bed905ff3f#commitcomment-29081657
In
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/utils/ConcatMap.java:
In
metron
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r189898485
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r189907609
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r189924019
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r189905091
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/754
I don't have an EC2 to use unfortunately. @lvets is the only one who
answered the call to test. If it doesn't work on the mac, then we need a new
jira and proposed fix I guess
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r190018295
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1021
@cestella re:assignment. If all assignment is in the language, and _ is
either or, then how can we assign to a message field when _ is active?
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1021#discussion_r190004639
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/configuration/enrichment/handler/StellarConfig.java
---
@@ -142,8
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1045
My comment was just about calling out a possible need for more shutdown
orchestration.
I am not reviewing.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1045
I assume you are talking to @nickwallen there @mmiklavc ?
---
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1054
METRON-1606 Add capability to wrap json message as entity arrays
This PR adds the ability to configure the JSONMap parser to wrap messages
when using JSON Path queries in an entity
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1064#discussion_r195931103
--- Diff: metron-stellar/stellar-common/README.md ---
@@ -54,6 +54,12 @@ The Stellar language supports the following:
* The ability to have
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1064#discussion_r195931024
--- Diff: metron-stellar/stellar-common/README.md ---
@@ -54,6 +54,12 @@ The Stellar language supports the following:
* The ability to have
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1063
```bash
[Stellar]>>> foo := unknownvariable
[Stellar]>>> foo
[Stellar]>>>
```
This is not consistent.
In my stellar assign PR, this
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1034
+1 by inspection, thanks @nickwallen
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1033
+1
I will say, that the exception building facilities and builders should be
publicly exposed as part of stellar as a follow on. As part of my own antlr
work on the syslog stuff, I am
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1014
Can I ask how we do ++, --, += etc with the := notation?
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1039#discussion_r192225526
--- Diff:
metron-platform/metron-storm-kafka-override/src/main/java/org/apache/storm/kafka/spout/KafkaSpoutRetryExponentialBackoff.java
---
@@ -0,0
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1045
Maybe we need some kind of orchestration service that you use to shutdown
metron without losing things in the pipeline already
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1035
Do we know why it is not shutting down? What if this results in data loss?
I think we need a better understanding of what is happening.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1041
I would say that the scripts we have wrt PR's and RC's and Commits should
be as common as possible. With the goal that they actually share code down the
line. So I would say
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1041
Right, we are on the same page. That is one of the scripts I was
suggesting you ape.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1033#discussion_r191080770
--- Diff:
metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/stellar/StellarAdapter.java
---
@@ -92,6 +96,19
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1033#discussion_r191080813
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/BaseStellarProcessor.java
---
@@ -143,7 +143,11 @@ public T
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1083#discussion_r198530068
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -337,6 +337,28 @@ The following config will rename the fields
`old_field
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1083
I am not sure ROUTING is a good name for this. This is more like a SELECT.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1083
+1 to SELECT
What you are saying is SET FIELD to X if SELECT.
It would be SWITCH if it were a different X per matching regex
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1064
+1 by inspection
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1083#discussion_r198536558
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -337,6 +337,28 @@ The following config will rename the fields
`old_field
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1084
This is significant enough that I think some level of design write-up is
warranted. At some point we'll want to update the top level doc's and
diagrams, but I'm OK with that being a follow
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1084
Yes. The use case is useful, but this is more dev. focused, if that makes
sense.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
thanks again @jameslamb!
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
can one of you ( @cestella or @merrimanr ) merge? I can't right now
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1135#discussion_r206625671
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/PcapServiceImpl.java
---
@@ -199,6 +208,37 @@ public
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
@merrimanr I'd like to get your sign off on this, now that @cestella and I
have given a +1
---
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1175
METRON-1453 Metron Parser for valid RFC 5424 Syslog messages
This is a simple parser for *valid* [RFC
5424](http://www.rfc-base.org/txt/rfc-5424.txt) messages.
It produces JSON
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213051917
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,83
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213016887
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,83
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213039514
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,83
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
All that being said I am a big +1 on this. Great work @justinleet, thanks
for taking the time to work it through my thick skull.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
A mechanism for the routing process to apply a transform or some such.
@cestella may have a better design idea.
What I would like us to do is remove the transport from the message
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
@justinleet I am fine with that as a follow on, I would like the task or
issue created.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203083284
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
Ok @justinleet thanks for the diagram. That really helps. I did not see
in the code how we were sending out to the sensor topic and then into the
sensor, I though the bolt was just calling
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203095632
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202802349
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -182,40 +185,61 @@ public void prepare
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202797418
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202803106
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
@justinleet the main things I saw that I would think of cutting down, or I
though about looking into ( the idea may turn out to be bad ) are places where
the bolt 'knows' a lot of weird
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202755740
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202808756
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202812681
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202758396
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -182,40 +185,61 @@ public void prepare
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202798006
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -182,40 +185,61 @@ public void prepare
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
or, maybe we are just missing each other here, and you can explain how the
user will sign on. SSO doesn't mean no sign on. How will I now provide my
user name and password in the app?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
this might be worth a discuss thread @simonellistonball
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
I don't understand, how are you going to do the auth without the login
screen?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
"The authentication will be handled by the hosts that allow loading of the
UIs redirecting the browser to a KnoxSSO endpoint, handled in METRON-1665"
How is this goi
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/865
ok, i give up
---
Github user ottobackwards closed the pull request at:
https://github.com/apache/metron/pull/865
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
@simonellistonball, thank you. I didn't get that from the PR description.
Sorry for the noise.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1103
I think we should rename from alert ui to investigate or something
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
Great! I will give this a try asap
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
I have been on vacation, but will be reviewing Monday and Tuesday. Please
do not commit
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
+1 from me. I was able to do the above, along with building metron from
the instructions ansible-docker's readme.md.
Thanks for sticking with it.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203064655
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
Sure, actually I'll do a discuss thread when this all goes through. That
way I can try again to get @cestella to comment
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1178
The work-around to this issue, and some documentation of it to the extent
you feel necessary should go out to the users list.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213706134
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,75
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1184
METRON-1761, allow application of grok statement multiple times
This PR adds support for incoming messages to grok parsers that have
multiple log lines.
Instead of having to split
Github user ottobackwards commented on the issue:
https://github.com/apache/metron-bro-plugin-kafka/pull/8
+1
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
New upstream integrated now.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
@jameslamb,
The vagrant stuff is the general information on how to run it. For the
docker containers that you have worked on, it would be fine I think to say that
you tested
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1084
1 nit, other than that +1
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1084#discussion_r201426118
--- Diff:
metron-platform/metron-common/src/main/java/org/apache/metron/common/message/metadata/EnvelopedRawMessageStrategy.java
---
@@ -0,0 +1,146
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1084
I'm looking for a doc that describes how these new things work, like what
would have come out of a discuss thread if there had been discussion on this
before hand.
" Dev. d
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1084
Let's try something else. Please javadoc all the new classes and
functionality, such that someone else if they want to review or maintain this
can understand their implementation
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1083
" Ultimately, I consider this a stop-gap."
Yes. What we are basically doing is writing a meta language on top of
stellar. In this case we are using that to make up fo
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1083
Why don't you create a jira for the REGEXP_MATCH
---
1 - 100 of 364 matches
Mail list logo
