metron-dev mailing list archives

From JonZeolla <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #503: METRON-815 sensor-stubs sometimes send m...
Date Mon, 03 Apr 2017 13:06:36 GMT
Github user JonZeolla commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/503#discussion_r109411418
  
    --- Diff: metron-deployment/roles/sensor-stubs/templates/start-bro-stub ---
    @@ -47,8 +47,8 @@ TOPIC="bro"
     while true; do
       
       # transform the bro timestamp and push to kafka
    -  SEARCH="\"ts\"\:[0-9]\+.[0-9]\{6\}"
    -  REPLACE="\"ts\"\:`date +%s`.000000"
    +  SEARCH="\"ts\"\:[0-9]\+\."
    +  REPLACE="\"ts\"\:`date +%s`\."
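Review bot: The comment above the added SEARCH/REPLACE lines still reads only "transform the bro timestamp", but the new SEARCH pattern stops at the decimal point, so only the whole-seconds part is replaced and each record keeps its original fractional digits. Please say so in that comment, since the emitted value is now the current second plus a fraction taken from the source record. Two smaller points on the added REPLACE line: the backslash before the dot has no matching role in a replacement string and can be dropped, and `$(date +%s)` is preferable to backticks.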
    --- End diff --
    
    Bro timestamps are often out of order depending on the log because some lines are written
    when the connection ends and others are written when an event within a connection occurs.
    As such, timestamps can be confusing to look at initially, but it is very normal for them
    not to be in order. Also, we are already breaking any sort ordering by randomly selecting
    logs from bro.out and replacing the timestamps with the current timestamp, so I'm not concerned
    with my changes causing any more of a headache than flattening the decimal places with 0s.

