metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (METRON-1798) Add mpack support for parser aggregation
Date Mon, 01 Oct 2018 17:10:00 GMT

    [ https://issues.apache.org/jira/browse/METRON-1798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634336#comment-16634336
] 

ASF GitHub Bot commented on METRON-1798:
----------------------------------------

Github user nickwallen commented on the issue:

    https://github.com/apache/metron/pull/1215
  
    When switching parser topologies, some of the original parser topologies can fail to be
shut down properly.  
    
    #### Steps to Replicate:
    1. Start with default parsers; [bro,snort]
    1. Change Metron Parsers setting to use aggregation; ["bro","snort,yaf"]
    1. The original "snort" topology is never shutdown.  I would expect this to be shutdown.
    Parsers Running: bro, snort__yaf, snort
    Parsers Expected: bro, snort__yaf
    
    ![screen shot 2018-10-01 at 1 06 07 pm](https://user-images.githubusercontent.com/2475409/46303780-ccf39e80-c57a-11e8-96b7-953d0f3b0fef.png)
    
    It seems that the code needs to take into account the original field setting when shutting
down the parsers, but then use the new setting when starting the parsers.



> Add mpack support for parser aggregation
> ----------------------------------------
>
>                 Key: METRON-1798
>                 URL: https://issues.apache.org/jira/browse/METRON-1798
>             Project: Metron
>          Issue Type: Task
>            Reporter: Anand Subramanian
>            Assignee: Anand Subramanian
>            Priority: Major
>
> Support spawning of storm topologies if a user specifies an aggregated parser configuration
at: 
> Ambari -> Metron -> Configs -> Parsers -> "Metron Parsers"
>  
> For example, specifying the following:
> "bro,snort,yaf", "snort,yaf", yaf
> should spawn an aggregated topology for first two, and a regular topology for the 'yaf'.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message