Are you able to look through the Storm UI and identify any errors? Also, did you look at the Metron error dashboard? Thanks,
Jon

On Thu, Jan 4, 2018, 22:47 Gaurav Bapat <[email protected]> wrote:
> Also when I enter indices in Kibana, it fails to search for my Kafka topic
> and I don't know why the CEF logs are not coming into Kibana
>
> On 5 January 2018 at 00:23, Simon Elliston Ball <[email protected]> wrote:
>
>> Are the logs you're sending with syslog in CEF format? You will note that
>> the CEF sensor uses the CEF parser, which means unless your logs are in CEF
>> format, they will fail to parse and be dropped into the error index (worth
>> checking the error index in Kibana via the Metron Error Dashboard). That
>> will likely tell you why things aren't parsing.
>>
>> The most likely scenario is that you are sending something non-CEF on the
>> syslog feed, in which case you will need something like a Grok parser. I
>> suggest reading through the Squid example in the documentation on how to do
>> this.
>>
>> Simon
>>
>>> On 4 Jan 2018, at 18:49, Gaurav Bapat <[email protected]> wrote:
>>>
>>> They are syslogs and my topic name is cef, I get one parsed log out of
>>> 1000+ and I want to do analytics using Spark but I can't find a way out.

--
Jon
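Simon's point, that a CEF parser accepts only CEF-formatted lines and everything else lands in the error index, can be illustrated with a small parser. This is an added example, not code from the thread or from Apache Metron; it assumes the standard CEF header layout (CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension) and constructs its own sample feed of one CEF line among plain syslog lines.

```python
import re

# Header fields, in order, after the "CEF:Version" prefix (standard CEF layout)
CEF_PREFIX = "CEF:"
HEADER_FIELDS = ("device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")


def _split_header(body):
    """Split on unescaped '|' (CEF escapes a literal pipe in the header as '\\|')."""
    return [p.replace("\\|", "|") for p in re.split(r"(?<!\\)\|", body)]


def parse_cef(line):
    """Return a dict of header + extension fields, or None if the line is not CEF."""
    # A syslog relay usually prefixes priority/timestamp/host before 'CEF:'
    idx = line.find(CEF_PREFIX)
    if idx < 0:
        return None
    parts = _split_header(line[idx + len(CEF_PREFIX):])
    if len(parts) < 8:  # version + 6 header fields + extension
        return None
    event = {"cef_version": parts[0]}
    event.update(zip(HEADER_FIELDS, parts[1:7]))
    extension = "|".join(parts[7:])  # an unescaped pipe may legitimately sit in the extension
    # Extension is space-separated key=value; values may contain spaces, so split
    # at the start of the next key rather than on every space.
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", extension):
        event[m.group(1)] = m.group(2).replace("\\=", "=")
    return event


def route(lines):
    """Mimic the sensor: parsed events vs. raw lines destined for the error index."""
    parsed, errors = [], []
    for line in lines:
        event = parse_cef(line)
        (parsed if event else errors).append(event or line)
    return parsed, errors


# Constructed sample feed (not real data): one CEF line among plain syslog lines
SAMPLE_FEED = [
    "<13>Jan  5 00:23:01 host1 CEF:0|Squid|proxy|3.5|100|Blocked URL|5|src=10.0.0.5 dst=203.0.113.7 request=http://example.test/a b",
    "<13>Jan  5 00:23:02 host1 sshd[123]: Failed password for root from 10.0.0.9 port 22 ssh2",
    "<13>Jan  5 00:23:03 host1 squid[456]: 1515090183.123 45 10.0.0.5 TCP_MISS/200 1024 GET http://example.test/ - DIRECT/203.0.113.7 text/html",
]

if __name__ == "__main__":
    ok, bad = route(SAMPLE_FEED)
    print(f"parsed: {len(ok)}, to error index: {len(bad)}")  # prints "parsed: 1, to error index: 2"
```

The two native syslog lines are exactly the kind of input that needs a Grok parser instead, as the Squid example in the Metron documentation shows.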
