metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mmiklavc <...@git.apache.org>
Subject [GitHub] metron issue #530: METRON-777 Metron Extension System and Parser Extensions
Date Thu, 03 Aug 2017 21:30:30 GMT
Github user mmiklavc commented on the issue:

    https://github.com/apache/metron/pull/530
  
    I see that for parser extensions, the enrichment and indexing configurations have also
been moved into this tree. This structure conflates parsers, enrichments, and indexing. Beyond
that, I also see that we still have a config directory with zookeeper elements. I'm not sure
we want to merge these concepts together in this fashion. Can you shed some light on this?
    
    ```
    find extension_etc
    extension_etc
    extension_etc/parsers
    extension_etc/parsers/yaf
    extension_etc/parsers/yaf/config
    extension_etc/parsers/yaf/config/zookeeper
    extension_etc/parsers/yaf/config/zookeeper/parsers
    extension_etc/parsers/yaf/config/zookeeper/parsers/yaf.json
    extension_etc/parsers/yaf/config/zookeeper/indexing
    extension_etc/parsers/yaf/config/zookeeper/indexing/yaf.json
    extension_etc/parsers/yaf/config/zookeeper/enrichments
    extension_etc/parsers/yaf/config/zookeeper/enrichments/yaf.json
    extension_etc/parsers/yaf/config/elasticsearch
    extension_etc/parsers/yaf/config/elasticsearch/yaf_index.template
    extension_etc/parsers/yaf/patterns
    extension_etc/parsers/yaf/patterns/yaf
    extension_etc/parsers/yaf/patterns/common
    extension_etc/parsers/snort
    extension_etc/parsers/snort/config
    extension_etc/parsers/snort/config/zookeeper
    extension_etc/parsers/snort/config/zookeeper/parsers
    extension_etc/parsers/snort/config/zookeeper/parsers/snort.json
    extension_etc/parsers/snort/config/zookeeper/indexing
    extension_etc/parsers/snort/config/zookeeper/indexing/snort.json
    extension_etc/parsers/snort/config/zookeeper/enrichments
    extension_etc/parsers/snort/config/zookeeper/enrichments/snort.json
    extension_etc/parsers/snort/config/elasticsearch
    extension_etc/parsers/snort/config/elasticsearch/snort_index.template
    ```
    and
    ```
    find config/zookeeper/
    config/zookeeper/
    config/zookeeper/parsers
    config/zookeeper/parsers/jsonMap.json
    config/zookeeper/indexing
    config/zookeeper/indexing/error.json
    config/zookeeper/bundle.properties
    config/zookeeper/global.json
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message