Hi Kyle,

Thank you very much. I should have asked the question earlier. We have done most of the Grok statement implementations so far! I haven't checked the source code for any Grok sample parser.

For the Grok deployment, are you saying that we need to put all of the grok statements inside the Metron Management-UI and we only need to create a Kafka topic for that?

Regards,
Ali

On Tue, Mar 7, 2017 at 11:26 PM, Kyle Richardson <kylerichards...@gmail.com> wrote:

> Hi Ali,
>
> There is a grok-based ASA parser included in the Metron code base that you
> can try out. If you find it's missing patterns or requires modifications,
> I'd be happy to work with you to improve on it.
>
> You should be able to test it out by creating a new Kafka topic 'asa' and
> pointing your raw logs there. Let me know if you run into any issues.
>
> Thanks,
> Kyle
>
> On Mon, Mar 6, 2017 at 9:51 PM, Ali Nazemian <alinazem...@gmail.com>
> wrote:
>
>> Hi all,
>>
>> I am building a customized version of the ASA parser using Grok statements. I
>> have prepared the Grok requirements so far. I am using the following manual
>> which has been provided for the Grok squid parser
>> <https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source>.
>> I couldn't find anything else as an end-to-end manual for deploying a Grok
>> parser, and I have some trouble mapping this manual to the Hortonworks
>> Cyber Security release. For example, I couldn't find the step-5 alternative
>> in the Hortonworks one. I would be grateful if somebody can provide a link for
>> a better and more up-to-date manual for deploying a Grok Parser in Metron 0.3.
>>
>> Regards,
>> Ali