Re: SysLog using CEF Parser (RSysLogs)

2018-01-22 Thread Farrukh Naveed Anjum
Any suggestion how to fix that? On Mon, Jan 22, 2018 at 9:01 PM, Farrukh Naveed Anjum < anjum.farr...@gmail.com> wrote: > Hi Simon, > > Thanks for replying yes, these are indexing bolt errors. I am basically > trying to forward RSyslog via Nifi. It comes down all the way till indexing > bolts

Re: Some Metron Alerts UI questions

2018-01-22 Thread Simon Elliston Ball
Hi Laurens, A few quick answers inline… Simon > On 20 Jan 2018, at 00:37, Laurens Vets wrote: > > Hi list, > > I have some general Alerts UI questions/comments/remarks, I hope you don't > mind :) I'm using the UI that's part of Metron 0.4.2. These apply to my > specific

Re: SysLog using CEF Parser (RSysLogs)

2018-01-22 Thread Otto Fowler
If it reaches the Indexing topology it is not a Parser problem, in almost all cases. On January 22, 2018 at 03:24:35, Farrukh Naveed Anjum ( anjum.farr...@gmail.com) wrote: Yes, it's Storm Indexing Bolt that is halting it. Anyone working on CEF Parser (Can Syslog work with it like RSyslog). We

Re: SysLog using CEF Parser (RSysLogs)

2018-01-22 Thread Simon Elliston Ball
Are there any errors in the logs for the indexing bolt? I would expect the errors are probably at the elastic ingest point, and probably caused by an incorrect elastic template for the CEF data. Simon > On 22 Jan 2018, at 08:24, Farrukh Naveed Anjum > wrote: > >

Re: SysLog using CEF Parser (RSysLogs)

2018-01-22 Thread Farrukh Naveed Anjum
Yes, it's Storm Indexing Bolt that is halting it. Anyone working on CEF Parser (Can Syslog work with it like RSyslog). We are stuck at that point. Please see the above error and suggest On Mon, Jan 22, 2018 at 1:10 PM, Gaurav Bapat wrote: > Hi, > > Even I am stuck with