Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Metron 0.4 Alert UI is Empty

avatar
author-rank mcas_uvaraj
New Member

Created on ‎11-25-2017 12:34 PM - edited ‎08-17-2019 10:22 PM

I have installed Metron 0.4.x in Ubuntu 14.

I have started REST, Metron Management and Alert UI. But Alert is always empty for any search criteria.

Is there any guideline to use alert UI.

Note: Data available in Elasticsearch

42754-metron-alert.png

42755-metron-rest.png

2,395 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank asubramanian
Super Collaborator

Created ‎11-26-2017 04:36 PM

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

View solution in original post

2,158 Views
2 REPLIES 2

avatar
author-rank asubramanian
Super Collaborator

Created ‎11-26-2017 04:36 PM

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

2,159 Views

avatar
author-rank mcas_uvaraj
New Member

Created ‎11-27-2017 01:24 PM

Thanks @asubramanian,

I have cleared the existing Elasticsearch indices. We have installed the Metron 0.4.1 manually in Ubuntu 14 as per the steps provided below URL, https://community.hortonworks.com/articles/88843/manually-installing-apache-metron-on-ubuntu-1404.ht... Uploaded Elasticsearch templates into ES and executed sensor-stubs. Now it is working.

2,158 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements