We are using Snort to send network packets to Apache Metron, and we want to calculate the average delay between packets (do a statistical analysis). Our solution is to write a Java program by changing the existing Snort topology inside Apache Storm (we want to make the fewest changes to the Java code prepared by Metron's team). First of all, is this the right solution?
Currently, we are able to send packets via NiFi Site-to-Site from a remote machine to the Metron server and see the results in Elasticsearch. To do the job, which file(s) in Metron should be changed, and where should I save the output(s), in HDFS for instance?
In the second step, we need to consider windowing to calculate the average value over specific periods. Any advice would be appreciated.
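The windowed calculation the question asks about, as an added stand-alone example; this is not Apache Metron or Apache Storm code and not code from the poster. It assumes the Snort events have already been parsed into JSON-like records carrying a `timestamp` field in epoch milliseconds (the shape Metron's parsed messages use), uses constructed sample messages, and assumes a 10-second tumbling window. The per-window logic is what would be ported into a Storm windowed bolt; the example also shows the edge cases a bolt has to handle: out-of-order arrival, duplicate timestamps, a record with no timestamp, and a window containing a single packet (for which no delay is defined).

```python
"""Average inter-packet delay over tumbling time windows.

Added worked example (not Metron/Storm code). Records are dicts with a
"timestamp" field in epoch milliseconds, the assumed shape of Metron's
parsed Snort output. All sample data below is constructed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

WINDOW_MS = 10_000  # assumed 10-second tumbling window

# Constructed sample messages. They deliberately include an out-of-order
# arrival, a duplicate timestamp, a record without a timestamp and a
# window that holds only one packet.
SAMPLE_MESSAGES = [
    {"source_type": "snort", "timestamp": 1_600_000_000_000, "ip_src_addr": "10.0.0.5"},
    {"source_type": "snort", "timestamp": 1_600_000_002_000, "ip_src_addr": "10.0.0.5"},
    {"source_type": "snort", "timestamp": 1_600_000_001_000, "ip_src_addr": "10.0.0.7"},  # arrived late
    {"source_type": "snort", "timestamp": 1_600_000_002_000, "ip_src_addr": "10.0.0.9"},  # same ms as above
    {"source_type": "snort", "timestamp": 1_600_000_011_500, "ip_src_addr": "10.0.0.5"},  # second window
    {"source_type": "snort", "timestamp": 1_600_000_014_500, "ip_src_addr": "10.0.0.5"},
    {"source_type": "snort", "ip_src_addr": "10.0.0.5"},                                  # no timestamp
    {"source_type": "snort", "timestamp": 1_600_000_025_000, "ip_src_addr": "10.0.0.5"},  # lone packet
]


def average_delay_ms(timestamps: Iterable[int]) -> Optional[float]:
    """Mean gap between consecutive packets in one window.

    Timestamps are sorted first so that out-of-order delivery cannot
    produce negative gaps. With fewer than two packets there is no gap
    to average, so None is returned rather than 0, which would bias a
    later average of averages.
    """
    ordered = sorted(timestamps)
    if len(ordered) < 2:
        return None
    gaps = [later - earlier for earlier, later in zip(ordered, ordered[1:])]
    # Note: sum(gaps) == ordered[-1] - ordered[0], so a streaming bolt only
    # needs min, max and count per window, not the full list.
    return sum(gaps) / len(gaps)


def window_start(ts_ms: int, window_ms: int = WINDOW_MS) -> int:
    """Align a timestamp to the start of its tumbling window."""
    return ts_ms - (ts_ms % window_ms)


def windowed_average_delay(
    messages: Iterable[dict], window_ms: int = WINDOW_MS
) -> Tuple[Dict[int, dict], int]:
    """Bucket messages into tumbling windows keyed by window start (epoch ms)
    and return {start: {"count", "avg_delay_ms"}} plus the number of records
    skipped for lacking a usable integer timestamp."""
    buckets: Dict[int, List[int]] = defaultdict(list)
    skipped = 0
    for msg in messages:
        ts = msg.get("timestamp")
        if not isinstance(ts, int):
            skipped += 1
            continue
        buckets[window_start(ts, window_ms)].append(ts)
    results = {
        start: {"count": len(ts_list), "avg_delay_ms": average_delay_ms(ts_list)}
        for start, ts_list in sorted(buckets.items())
    }
    return results, skipped


if __name__ == "__main__":
    per_window, skipped = windowed_average_delay(SAMPLE_MESSAGES)
    for start, stats in per_window.items():
        print(f"window {start}: {stats['count']} packets, "
              f"avg delay {stats['avg_delay_ms']} ms")
    print(f"skipped {skipped} record(s) without a timestamp")
```

Because the mean gap inside a window reduces to `(last - first) / (count - 1)`, a Storm bolt does not need to retain every tuple in the window: keeping the minimum timestamp, maximum timestamp and count per window gives the same average and keeps memory bounded under high Snort alert rates.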