Hi, I've seen the presentation about Metron. The result will go to Hadoop and will also be available for Elasticsearch. If I use Ambari, then where will Ambari look? Hadoop or Elasticsearch?
While we can use an Ambari-managed HDP cluster with Metron (link here), Ambari is simply managing the cluster. If you want to manage Elasticsearch through Ambari, you can use the following "unsupported" Ambari Elasticsearch service to manage Elasticsearch from Ambari.
But you are not going to be looking into your Metron data through Ambari. That will be done either by querying Elasticsearch (assume Kibana dashboard) or by querying HBase/HDFS, where Metron stores data. Supported Metron data stores:
Telemetry event data is indexed in Elasticsearch and stored in HDFS.
I'd recommend against using the Symantec service definition. Metron actually has an Ambari Management pack that will install service definitions for Elasticsearch, Kibana, and Metron. You can find it here. The README has installation details. Please let me know if there's anything confusing there.