Hi,
I have a requirement to enrich one of my event feeds with another event feed. 
One event feed has session logs (user id, IP address) and the other feed has 
user id and other application specific fields. I would like the two streams to 
be joined in real time before they are scored and triaged. What is the best way 
to achieve this in Metron?
I would have preferred to use something like KSQL but I guess it's not supported 
directly on the HDP stack yet. Google pointed me to the link below:

https://cwiki.apache.org/confluence/display/METRON/2016/06/16/Metron+Tutorial+-+Fundamentals+Part+6%3A+Streaming+Enrichment

However, using the above, I can only add one field at a time. I guess that’s 
workable, but just wondering if it’s still relevant and the recommended way to 
merge/join streams?


Best regards,
Sanket
