There are no errors in Storm, the topic is emitting just like Snort & Bro, but I still can't understand the problem.
On Fri, Jan 5, 2018 at 19:54 [email protected] <[email protected]> wrote:
> Are you able to look through the Storm UI and identify any errors? Also, did you look at the Metron error dashboard? Thanks,
>
> Jon
>
> On Thu, Jan 4, 2018, 22:47 Gaurav Bapat <[email protected]> wrote:
>
>> Also when I enter indices in Kibana, it fails to search for my Kafka topic and I don't know why the cef logs are not coming into Kibana.
>>
>> On 5 January 2018 at 00:23, Simon Elliston Ball <[email protected]> wrote:
>>
>>> Are the logs you're sending with syslog in CEF format? You will note that the CEF sensor uses the CEF parser, which means unless your logs are in CEF format, they will fail to parse and be dropped into the error index (worth checking the error index in Kibana via the Metron Error Dashboard). That will likely tell you why things aren't parsing.
>>>
>>> The most likely scenario is that you are sending something non-CEF on the syslog feed, in which case you will need something like a Grok parser. I suggest reading through the Squid example in the documentation on how to do this.
>>>
>>> Simon
>>>
>>> > On 4 Jan 2018, at 18:49, Gaurav Bapat <[email protected]> wrote:
>>> >
>>> > They are syslogs and my topic name is cef, I get one parsed log out of 1000+ and I want to do analytics using Spark but I can't find a way out.
>
> --
> Jon
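Simon's point in the quoted thread (a line that is not CEF cannot be read by the CEF parser and ends up in the error index) as an added example, not code from this thread or from Metron's own CEF parser: a minimal reader of the CEF header and extension layout, run over a constructed sample feed to show which lines would parse and which would be dropped.

```python
import re
# Constructed sample feed: two CEF events (one behind a syslog header) and one plain syslog line
SAMPLE_LINES = [
    "CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "<13>Jan  5 19:54:00 sensor01 CEF:0|Vendor|Product|2.0|200|login failed|5|suser=alice dst=10.1.1.5",
    "<13>Jan  5 19:54:01 sensor01 sshd[1234]: Failed password for root from 10.1.1.9 port 2222 ssh2",
]
HEADER_FIELDS = ["deviceVendor", "deviceProduct", "deviceVersion", "signatureId", "name", "severity"]
_CEF_START = re.compile(r"CEF:(\d+)\|")  # the header may sit behind a syslog PRI/timestamp prefix

def _split_header(rest):
    """Take the six pipe-delimited header fields after 'CEF:n|'; '\\|' is an escaped pipe."""
    fields, cur, i = [], [], 0
    while i < len(rest) and len(fields) < 6:
        ch = rest[i]
        if ch == "\\" and i + 1 < len(rest):   # escaped '|' or '\' stays in the field
            cur.append(rest[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    return (fields, rest[i:]) if len(fields) == 6 else None

def _parse_extension(ext):
    """Extension is 'key=value' pairs; values may contain spaces, '\\=' is a literal '='."""
    kv, keys = {}, list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        kv[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return kv

def parse_cef(line):
    """Return a dict for a CEF line, or None for anything a CEF parser would reject."""
    m = _CEF_START.search(line)
    split = _split_header(line[m.end():]) if m else None
    if split is None:
        return None
    fields, ext = split
    record = dict(zip(HEADER_FIELDS, fields))
    record["cefVersion"] = int(m.group(1))
    record["extension"] = _parse_extension(ext)
    return record

def triage(lines):
    """Split a feed into lines the CEF parser accepts and lines that would land in the error index."""
    ok, dropped = [], []
    for line in lines:
        (ok if parse_cef(line) is not None else dropped).append(line)
    return ok, dropped
```

Running `triage` over a sample of what actually arrives on the cef topic tells you, before touching Kibana, what share of the feed is really CEF and therefore whether a Grok parser is the right fix.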
