Re: HDFS Data Activity Monitoring - demo in Eagle

Wed, 22 Mar 2017 04:24:46 -0700 

Hi Jean,

You can create policies either through rest API or through Eagle UI.

Rest API:
Post : 

{
   "name": "hdfsPolicy_1",
   "description": "hdfsPolicy",
   "inputStreams": [
      "HDFS_AUDIT_LOG_ENRICHED_STREAM_EAGLE_LP"
   ],
   "outputStreams": [
      "HDFS_AUDIT_LOG_ENRICHED_STREAM_EAGLE_LP"
   ],
   "definition": {
      "type": "siddhi",
      "value": "from HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX[src=='/tmp'] select 
* insert into Audit_log_alert"
   },
   "alertDefinition":
                {"templateType":"TEXT",
                "subject”:”Test Alert : eagle alert",
                "body”:"Tmp : test alert",
                "severity":"CRITICAL",
                "category":"test"
                },
   "partitionSpec": [
      {
         "streamId": "HDFS_AUDIT_LOG_ENRICHED_STREAM_EAGLE_LP",
         "type": "GROUPBY",
         "columns" : [
            "user"
         ]
      }
   ],
   "parallelismHint": 2
}

You can follow the below given document:
https://cwiki.apache.org/confluence/display/EAG/5.1+Create+Alert+Policy 
<https://cwiki.apache.org/confluence/display/EAG/5.1+Create+Alert+Policy>
https://cwiki.apache.org/confluence/display/EAG/Quick+Start+with+Alert+Engine+through+API
 
<https://cwiki.apache.org/confluence/display/EAG/Quick+Start+with+Alert+Engine+through+API>

Regards,
Sudha Jenslin



> On Mar 22, 2017, at 4:47 PM, Jean Rossier <[email protected]> wrote:
> 
> Hello,
> 
> I'm trying to setup the HDFS data activity monitoring stream 
> (http://eagle.apache.org/docs/hdfs-data-activity-monitoring.html 
> <http://eagle.apache.org/docs/hdfs-data-activity-monitoring.html>). I'm using 
> Logstash to stream the audit logs to Kafka.
> 
> In Eagle UI, I installed the "HDFS audit log monitor" application.
> Under the 'Alert -> Streams' menu, I now have two streams:
> - HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX
> - HDFS_AUDIT_LOG_TRAFFIC_STREAM_SANDBOX
> 
> Under 'Alert -> Policies', I have no policy.
> 
> What do I have to do to see any alert ?
> 
> I guess the tutorials on eagle website (e.g. 
> http://eagle.apache.org/docs/tutorial/policy.html 
> <http://eagle.apache.org/docs/tutorial/policy.html>) are no more relevant, 
> right ? At least the UI depicted in them does not correspond to what I see in 
> my Eagle UI.
> 
> Thanks for your help
> Jean

Reply via email to