Support Questions
Find answers, ask questions, and share your expertise
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428

Ambari with Metron


Hi, I've seen the presentation about Metron Result will go to hadoop and also will be available for elastic search. If i use ambari the where amabari will look to? hadoop or elastic search?


Super Guru
@Bramantya Anggriawan

While we can use Ambari managed HDP cluster with Metron (link here), but Ambari is simply managing the cluster. If you want to manage Elastic search through Ambari, you can use the following "unsupported" ambari elastic search service to manage Elastic Search from ambari.

But you are not going to be looking into your Metron data through Ambari. That will be either querying elastic Search (assume Kibana dashboard) or query HBase/HDFS where Metron stores data. Supported Metron data stores.

Telemetry event data is indexed in Elastic Search and stored in HDFS.

Rising Star

HI @Bramantya Anggriawan,

I'd recommend against using the Symantec service defination. Metron actually has an Ambari Management pack that will install service definitions for Elasticsearch, Kibana, and Metron. You can find it here. The README has installation details. Please let me know if there's anything confusing there.