GitHub user ottobackwards reopened a pull request:
https://github.com/apache/metron/pull/1054
METRON-1606 Add capability to wrap json message as entity arrays
This PR adds the ability to configure the JSONMap parser to wrap messages
when using JSON Path queries in an entity with an
Github user ottobackwards closed the pull request at:
https://github.com/apache/metron/pull/1054
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
Great! I will give this a try asap
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
I have been on vacation, but will be reviewing Monday and Tuesday. Please
do not commit
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
+1 from me. I was able to do the above, along with building metron from
the instructions in ansible-docker's readme.md.
Thanks for sticking with it.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
@merrimanr are you all set?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1103
I think we should rename from alert ui to investigate or something
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202758396
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -182,40 +185,61 @@ public void prepare
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202755740
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202797418
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202798006
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -182,40 +185,61 @@ public void prepare
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
@justinleet the main things I saw that I would think of cutting down, or I
thought about looking into ( the idea may turn out to be bad ) are places where
the bolt 'knows' a lot o
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202802349
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -182,40 +185,61 @@ public void prepare
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202803106
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202808756
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r202812681
--- Diff: metron-platform/metron-parsers/README.md ---
@@ -82,6 +82,12 @@ topology in kafka. Errors are collected with the
context of the error
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203064655
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203083284
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
Ok @justinleet thanks for the diagram. That really helps. I did not see
in the code how we were sending out to the sensor topic and then into the
sensor, I thought the bolt was just calling
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1099#discussion_r203095632
--- Diff: use-cases/parser_chaining/README.md ---
@@ -233,3 +233,10 @@ cat ~/data.log |
/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
@justinleet I am fine with that as a follow-on; I would like the task or
issue created.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
A mechanism for the routing process to apply a transform or some such.
@cestella may have a better design idea.
What I would like us to do is remove the transport from the message
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
All that being said I am a big +1 on this. Great work @justinleet, thanks
for taking the time to work it through my thick skull.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1099
Sure, actually I'll do a discuss thread when this all goes through. That
way I can try again to get @cestella to comment
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
"The authentication will be handled by the hosts that allow loading of the
UIs redirecting the browser to a KnoxSSO endpoint, handled in METRON-1665"
How is this going
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
It seems strange to me to ONLY support SSO. Most things support a local
configuration and SSO or 'other' on demand.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
this might be worth a discuss thread @simonellistonball
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
I don't understand, how are you going to do the auth without the login
screen?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
or, maybe we are just missing each other here, and you can explain how the
user will sign on. SSO doesn't mean no sign on. How will I now provide my
user name and password in the app?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1112
@simonellistonball, thank you. I didn't get that from the PR description.
Sorry for the noise.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/865
ok, i give up
---
Github user ottobackwards closed the pull request at:
https://github.com/apache/metron/pull/865
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
@merrimanr I'd like to get your sign off on this, now that @cestella and I
have given a +1
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
can one of you ( @cestella or @merrimanr ) merge? I can't right now
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1091
thanks again @jameslamb!
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1135#discussion_r206625671
--- Diff:
metron-interface/metron-rest/src/main/java/org/apache/metron/rest/service/impl/PcapServiceImpl.java
---
@@ -199,6 +208,37 @@ public
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1175
METRON-1453 Metron Parser for valid RFC 5424 Syslog messages
This is a simple parser for *valid* [RFC
5424](http://www.rfc-base.org/txt/rfc-5424.txt) messages.
It produces JSON for the
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213016887
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,83
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213039514
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,83
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213051917
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,83
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r213706134
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -0,0 +1,75
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1178
The work-around to this issue, and some documentation of it to the extent
you feel necessary should go out to the users list.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
Can you log an issue in upstream with your excellent description please?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
@kylerichardson Let's talk over on the upstream issue
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
Fixed in upstream 0.0.8
I will update when it posts / tomorrow
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
New upstream integrated now.
---
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1184
METRON-1761, allow application of grok statement multiple times
This PR adds support for incoming messages to grok parsers that have
multiple log lines.
Instead of having to split
Github user ottobackwards commented on the issue:
https://github.com/apache/metron-bro-plugin-kafka/pull/8
+1
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1207
We have an overall deficiency here I believe. The Slot management is an oft
forgotten and manual task, for adding new parsers from the ui etc, you ( I
believe ) still have to remember to have
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1207
@mmiklavc I agree with that, but I also think that we should separate the
default sensors from the regular metron install, and have them be their own
optional thing. i.e. you would choose
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1213#discussion_r221022015
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/ParserRunner.java
---
@@ -0,0 +1,234 @@
+/**
+ * Licensed
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
Hopefully it is all set now
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
I am sorry, I missed the comments on this. I will try to have something
soon.
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@mmiklavc wrt failing the whole message or some sort of partial failure
scheme. I don't like failing multiples if we _can_ parse some lines, but I
don't see a good way to cleanly
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1175
@JonZeolla let me know if you are all set
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1175#discussion_r221426956
--- Diff: metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
---
@@ -590,6 +591,8 @@ chkconfig --del metron-alerts-ui
%changelog
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
If you think the "every line fails" == fail, some fails = emit and log
works, we can do that, but I don't know how or if we want to put things in the
error stream. I need to
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@mmiklavc Can you take a look at the parser.validate() stuff in the bolt?
Maybe the answer is put a dummy invalid record in there and fail validation for
each parse failure?
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@mmiklavc I looked through the validation stuff more, I think that
validation is the way to go here. The grok parser will add invalid message for
each exception, parser failure, and then in
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@mmiklavc but we don't have messages to split, we have bytes. If we were
going to leave the 'parser's as single object -> single result | single
exception', ie n
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
So the idea would be that the JSONObject returned for the failed line (
that would be passed to handle error ) would be a new object that had the raw
line, the exception type, the exception
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
I think the API should be improved ideally, but that is in the future
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
Let me give it a shot, I'll document the semantics of the failure mode and
we can look again
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
If it turns out that this is just such a duct tape job, we can always close
the PR and open a jira for the new api
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
actually, I'm just going to close this. Once I step back from "how could I
do this" to look at the big picture, it doesn't seem like a good idea. This is
not a fie
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
Closing this pr. I will create a jira for api improvement
---
Github user ottobackwards closed the pull request at:
https://github.com/apache/metron/pull/1184
---
GitHub user ottobackwards reopened a pull request:
https://github.com/apache/metron/pull/1184
METRON-1761, allow application of grok statement multiple times
This PR adds support for incoming messages to grok parsers that have
multiple log lines.
Instead of having to split
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
re-opening for input
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@merrimanr @mmiklavc First pass of what we discussed
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1188
It may be time for a README for these scripts
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1188
+1 from me, great improvements.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1184#discussion_r223833982
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/GrokParser.java
---
@@ -134,26 +144,102 @@ public void init
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1184#discussion_r223836515
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/bolt/ParserBolt.java
---
@@ -383,7 +408,7 @@ public void execute
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1184#discussion_r223836783
--- Diff:
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/MultiLineWithErrorsGrokParserTest.java
---
@@ -0,0 +1,146
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1184#discussion_r223837103
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/interfaces/MessageParser.java
---
@@ -31,23 +35,41
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1184#discussion_r223836809
--- Diff:
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/MultiLineGrokParserTest.java
---
@@ -0,0 +1,146
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@mmiklavc please see latest commit
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1184
@merrimanr any comment?
---
GitHub user ottobackwards opened a pull request:
https://github.com/apache/metron/pull/1234
METRON-1820 Syslog support for new api -> multiple messages and errors
This PR adds support for the Syslog parser and having multiple messages and
errors.
Run a syslog 5424 sou
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1234
I had missed support for the master throwable in the old List
parse function. This function is not called by the Bolt anymore, but I
corrected the issue in this and Grok.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1234#discussion_r224528191
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -61,16 +67,37 @@ public void
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1234#discussion_r224528495
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -61,16 +67,37 @@ public void
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1234#discussion_r224573925
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
---
@@ -61,16 +67,37 @@ public void
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1213#discussion_r224746795
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/ParserRunnerImpl.java
---
@@ -137,11 +208,29 @@ private void
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1213#discussion_r224755060
--- Diff:
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/ParserRunnerImpl.java
---
@@ -137,11 +208,29 @@ private void
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r224996952
--- Diff: README.md ---
@@ -11,6 +11,32 @@ This software is a part of the [Apache
Metron](http://metron.apache.org/) projec
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r224996990
--- Diff: README.md ---
@@ -42,22 +68,47 @@ This software is a part of the [Apache
Metron](http://metron.apache.org/) projec
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r224997103
--- Diff: README.md ---
@@ -144,23 +194,35 @@ event bro_init() &priority=-5
Notes
* `logs_to_send` is mutu
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r224996917
--- Diff: README.md ---
@@ -11,6 +11,32 @@ This software is a part of the [Apache
Metron](http://metron.apache.org/) projec
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r225028659
--- Diff: README.md ---
@@ -11,6 +11,32 @@ This software is a part of the [Apache
Metron](http://metron.apache.org/) projec
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1213
@justinleet if you take master, I'll help resolve the conflicts from #1234
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/684
I don't think anything has been done with this. The feature branch wasn't
made
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1213
oops, right
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/870
@cestella
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron-bro-plugin-kafka/pull/2#discussion_r225631931
--- Diff: README.md ---
@@ -11,6 +11,32 @@ This software is a part of the [Apache
Metron](http://metron.apache.org/) projec
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1213
That is fine
---
Github user ottobackwards commented on the issue:
https://github.com/apache/metron/pull/1233
we should support the ISO date format constants so that users don't have to
copy those formats.
---
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1233#discussion_r226064136
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/DateFunctions.java
---
@@ -109,6 +110,13 @@ public
Github user ottobackwards commented on a diff in the pull request:
https://github.com/apache/metron/pull/1233#discussion_r226064248
--- Diff:
metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/DateFunctionsTest.java
---
@@ -225,4 +226,36 @@ public