How to configure BasicPaloAltoFirewallParser/any java parser to Metron Topology

Hi All,

I followed the steps mentioned in the link below and set up the SQUID topology. The logs are getting enriched and indexed and are visible in Kibana.

Now I need to add BasicPaloAltoFirewallParser (Paloalto topology). Below is the config JSON file.

{
  "parserClassName": "org.apache.metron.parsers.paloalto.BasicPaloAltoFirewallParser",
  "sensorTopic": "newPalto",
  "parserConfig": { "timestampField": "timestamp" }
}

I don't see any errors, but the logs are not pushed into the "enrichments" topic.

Any help would be much appreciated.

Thanks

Accepted Solutions

Re: How to configure BasicPaloAltoFirewallParser/any java parser to Metron Topology

The issue was with the logs which I was using. When I injected full logs from the Palo Alto firewall, the logs were parsed, enriched and indexed.

Hopefully this will be helpful for others.

Thanks,

Bharath
