This means that the messages are either failing to parse or failing to validate. So they are being sent to error topics instead. When you tail these topics do you see any error messages attached to messages that failed to parse or validate?
06.04.2017, 22:33, "Ali Nazemian" <alinazem...@gmail.com>:
Hi all,I have trouble with the new CEF parser which has been added to Metron. I am trying to use that for a CEF Paloalto device. It seems messages pass the parsing step and I cannot see any error in Storm topology. I have checked all of the logs related to Parsing nothing there. I have even changed the log level to debug it seems normal. I couldn't find any issue which has been presented in logs! I can see lots of messages comes to "enrichments_error", "parser_error" and "parser_invalid" topics, but It seems the storm enrichment topology doesn't process the CEF messages at all. I am not sure where I can check to find any suspicious error. As far as I understand, there is an issue with the CEF lineage which it seems to be related to Parsing.Cheers,Ali
-------------------
Thank you,
James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org
