Hey Jon, Appreciate your timely reply.
I gone through your answer but still I can't figure out how do I do parsing/indexing in Storm UI as I cant find any option for the same. Is there any other UI to do parsing/indexing? On 11 January 2018 at 21:22, zeo...@gmail.com <zeo...@gmail.com> wrote: > So, you created a new cef topic, and set up the appropriate parser config > for it (if not, this > <https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source> > may be helpful)? If so: > > Here are some basic troubleshooting steps: > 1. Validate that the logs are getting onto the kafka topic that you are > sending to. If they aren't there, the problem is upstream from Metron. > 2. If they are getting onto the kafka topic they are being directly sent > to, check the indexing kafka topic for an enriched version of those same > logs. > 3. Do a binary search of the various components involved with ingest. > a. If the logs are *not* on the indexing kafka topic, check the > enrichments topic for those logs. > b. If the logs are *not* on the enrichments topic, check the parser > storm topology. > c. If the logs are on the enrichments topic, but *not* indexing, > check the enrichments storm topology. > d. If the logs are on the indexing but *not* Kibana, check the > indexing storm topic. > e. If the logs are in on the indexing topic and indexing storm topic > is in good shape, check elasticsearch directly. > 4. You should have identified where the issue is at this point. Report > back here with what you observed, any relevant error messages, etc. > > Side note: We should document a decision tree for troubleshooting data > ingest. It is fairly straightforward and makes me wonder if we already > have this somewhere and I'm not aware of it? It would also be a good place > to put pointers to some common errors. > > Jon > > On Thu, Jan 11, 2018 at 1:44 AM Gaurav Bapat <gauravb3...@gmail.com> > wrote: > >> Hello everyone, I have deployed Metron on a single node machine and I >> would like to know how do I get Syslogs from NiFi into Kibana dashboard? >> >> I have created a Kafka topic by the name "cef" and I can see that the >> topic exists in >> Metron Configuration but I am unable to connect it with Kibana >> >> Need Help!! >> > > > -- > > Jon >
