
Best approach to populate metadata related to events in Metron




I have an HCP cluster (1.6) for my network data analysis. I am indexing my network's Active Directory events captured via Splunk using AD monitoring. For this log I am getting events as notifications (User created, User permission changed, Computer provisioned, etc.) in case of an update or change in the AD system. I want to maintain an asset inventory (Users, Computers and Network devices) in an HBase table for visualisation purposes from these events. What is the best approach, or which of the Metron components (Parser, Enrichment, ThreatIntel & Indexing) does this module best fit in? I am planning to write a custom Stellar function which will then be called from enrichment to update the HBase inventory upon each event. Is this the best approach? I could not handle this using the profiler as I won't have control over the HBase table and column families.
