ake in order to upgrade to
> 7.2 (Open Distro ?)
>
> On Fri, Mar 6, 2020 at 9:42 AM Vladimir Mikhailov <
> v.mikhai...@content-media.ru> wrote:
>
> > We migrated to Open Distro 1.4.0 (Elasticsearch 7.4.2) with no problem
> > (our current stack is CCP 2.0
We migrated to Open Distro 1.4.0 (Elasticsearch 7.4.2) with no problem
(our current stack is CCP 2.0.1 over HDP 3.1.4).
The only drawback - it is impossible to manage the elastic cluster via Ambari
due to lack Ambari Management Pack for Open Distro.
On 2020/03/05 12:40:16, Hema malini wrote:
got it, thanks
On 2020/02/07 14:26:44, Simon Elliston Ball
wrote:
> groupBy applies to profiles when persisted so only has profile fields
> available.
>
> foreach is the mechanism for grouping data on message fields.
>
> Simon
>
> On Fri, 7 Feb 2020 at 07:50, Vladimi
Hi,
We continue to test the profiler. As far as we understood only this variables
available in "groupBy" field: duration, result, profile, start, end, entity.
And we can't use origin message fields in "groupBy".
Is it so?
Hi
There is a parameter "fieldNameConverter" in the parser indexing configuration:
fieldNameConverter
"Defines how field names are transformed before being written to the index.
Only applicable to elasticsearch.
Defaults to DEDOT. Acceptable values are DEDOT that replaces all '.'
In light of recent changes in the policy for downloading Maxmind GeoIP data
files, we have configured to update files in HDFS using an external tool. And
we decided to figure out when does the Metron start using the new Maxmind GeoIP
data after updating.
After studying the source code, we came
Hi,
We are continuing testing profiler. Thank you for your help, but we have more
questions.
After your recomendations we increased memory for profiler topology and set
"topology.max.spout.pending" to null as default and set "profiler.workers" to 1
as default too. But with such configuration
We are trying to tune performance for profiler topology now. In config file for
profiler there are no many parameters to do this. Therefore we've tried to
change "topology.max.spot.pending". And we can't undestand how profiler
performance depend on this parameter.
We have about 6000-7000
Hi
HDFS Writer has great functionality for defining the destination folder for
indexing data:
{
"index": "bro",
"batchSize": 5,
"outputPathFunction": "FORMAT('uid-%s', uid)"
}
https://github.com/apache/metron/blob/master/metron-platform/metron-writer/README.md#hdfs-writer
Is it possible
Yes, we specially did some more tests with EPS 100 and every time got a 10
second window with reindexing
On 2019/12/17 18:42:17, Michael Miklavcic wrote:
> Is it always a 10 second window, or thereabouts?
>
> On Sun, Dec 15, 2019 at 11:11 PM Vladimir Mikhailov <
> v.mikhai...@c
uot;hdfs": {
"batchSize": 1000,
"enabled": true,
"index": "netflow-load-test-json"
},
"elasticsearch": {
"batchSize": 1000,
"enabled&quo
pology's message timeout to
> allow all messages currently being processed to finish processing. Storm
> will then shutdown the workers and clean up their state. You can override
> the length of time Storm waits between deactivation and shutdown with the
> -w flag.
>
>
> On W
12/11 06:39:28, Michael Miklavcic wrote:
> It only does that if the arg stopNow is true. It's always false per the
> previous snippets I shared.
>
> On Tue, Dec 10, 2019, 10:54 PM Vladimir Mikhailov <
> v.mikhai...@content-media.ru> wrote:
>
> > Hi Michael
> >
.
> https://github.com/apache/metron/blob/master/metron-interface/metron-config/src/app/service/storm.service.ts#L154
> https://github.com/apache/metron/blob/master/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/StormController.java#L91
>
>
>
Hi
We found the unpleasant consequences of each restart of the parsers: each time
part of the events are reindexed again. Unfortunately, this was confirmed by
several special tests.
Perhaps the reason for this is the method used to immediately stop the storm
topology using
15 matches
Mail list logo
