So, you created a new cef topic, and set up the appropriate parser config for it (if not, this <https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source> may be helpful)? If so:
Here are some basic troubleshooting steps:

1. Validate that the logs are getting onto the Kafka topic that you are sending to. If they aren't there, the problem is upstream from Metron.
2. If they are getting onto the Kafka topic they are being directly sent to, check the indexing Kafka topic for an enriched version of those same logs.
3. Do a binary search of the various components involved with ingest.
   a. If the logs are *not* on the indexing Kafka topic, check the enrichments topic for those logs.
   b. If the logs are *not* on the enrichments topic, check the parser Storm topology.
   c. If the logs are on the enrichments topic, but *not* indexing, check the enrichments Storm topology.
   d. If the logs are on the indexing but *not* Kibana, check the indexing Storm topic.
   e. If the logs are on the indexing topic and indexing Storm topic is in good shape, check Elasticsearch directly.
4. You should have identified where the issue is at this point. Report back here with what you observed, any relevant error messages, etc.

Side note: We should document a decision tree for troubleshooting data ingest. It is fairly straightforward and makes me wonder if we already have this somewhere and I'm not aware of it? It would also be a good place to put pointers to some common errors.

Jon

On Thu, Jan 11, 2018 at 1:44 AM Gaurav Bapat <gauravb3...@gmail.com> wrote:

> Hello everyone, I have deployed Metron on a single node machine and I
> would like to know how do I get Syslogs from NiFi into Kibana dashboard?
>
> I have created a Kafka topic by the name "cef" and I can see that the
> topic exists in Metron Configuration but I am unable to connect it with Kibana
>
> Need Help!!

--
Jon
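
The topic-by-topic search in steps 1 to 3 above, as an added shell example that is not part of the original thread or of the Metron project. Assumptions: the Kafka install path, the broker address `node1:6667`, the `KAFKA_BIN`, `BROKER`, `SENSOR_TOPIC` and `PROBE` variable names, and that parsed events carry a `"source.type"` field naming the sensor.

```shell
#!/usr/bin/env bash
# Added example: name the first ingest stage where the sensor's events stop.
# It only sees messages that arrive while it runs, so keep test logs flowing.
KAFKA_BIN="${KAFKA_BIN:-/usr/hdp/current/kafka-broker/bin}"  # assumed install path
BROKER="${BROKER:-node1:6667}"                               # assumed broker address
SENSOR_TOPIC="${SENSOR_TOPIC:-cef}"                          # topic from the thread
PROBE="${PROBE:-topic_has_data}"                             # swappable for testing

# topic_has_data TOPIC REGEX: succeed if a message matching REGEX shows up.
# 'timeout' bounds the wait when other sensors keep the topic busy.
topic_has_data() {
  timeout 30 "$KAFKA_BIN/kafka-console-consumer.sh" \
    --bootstrap-server "$BROKER" --topic "$1" --timeout-ms 10000 \
    2>/dev/null | grep -E -m1 -q -- "$2"
}

# locate_stall: follow the order in the steps above (sensor topic, then
# indexing, then enrichments) and print "<stage>: <what to check next>".
locate_stall() {
  # enrichments and indexing are shared by all sensors, so match on the
  # sensor name (assumed field: "source.type") rather than on any message
  tag='"source\.type" *: *"'"$SENSOR_TOPIC"'"'
  if ! "$PROBE" "$SENSOR_TOPIC" .; then
    echo "upstream: nothing on '$SENSOR_TOPIC'; the problem is before Metron"
  elif "$PROBE" indexing "$tag"; then
    echo "indexing: events reach the indexing topic; check the indexing Storm topology, then Elasticsearch"
  elif "$PROBE" enrichments "$tag"; then
    echo "enrichment: events stop after enrichments; check the enrichments Storm topology"
  else
    echo "parser: events never reach enrichments; check the parser Storm topology"
  fi
}

# Usage on a Metron node:  locate_stall
```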