I believe there was some visualization in the original Metron port from OpenSOC, but that was for an older version of Kibana and was lost. I cannot find a Jira to replace it, but maybe I’m not querying correctly.
I am sure it is something we would like to have, although I’m not sure what UI it would go into (we are up to 4 -> Management, Alerts, Kibana, and Zeppelin).

https://github.com/apache/metron/pull/559 added a Zeppelin dashboard for visualizing pcap queries. That is where you should start. Other than that, you may want to enter a Jira with what you think would be useful.

On September 7, 2017 at 12:41:37, Vladimir Shlyakhtin ([email protected]) wrote:

> Hello
>
> I am just wondering about the dataflow for PCAP data. Currently packets are moved to the pcap topology and saved to HDFS. In a previous version of Kibana it was possible to visualize it. But how to do it now...
>
> As a workaround I see only exporting data (pcap_query.sh) from HDFS to Hive table(s), so reports will be able to access it. Or maybe you can suggest something else.
>
> What is the future plan for it?
>
> Thank you
>
> Regards,
> - Vladimir
