Just to confirm, is it in the indexing Kafka topic? If so, I would look at
the storm indexing logs. If nothing there, look at ES and Kibana logs.
Jon
On Thu, Feb 22, 2018, 22:03 Srikanth Nagarajan
wrote:
> Hi,
>
> In my Metron implementation, events from bro and snort are seen in Kafka
> topi
Thanks Ali,
Storm without ackers would be a good example as well. From the attached
network diagram where a hub sits below a switch with sensors on the span
port at A and the hub at B. Traffic from B going to the router would be
duplicated.
Kibana tables could take care of things as is. The workf
