I am using Apache Metron with Elasticsearch, and the "Metron Alert UI/Kibana" does not show any data until I restart the `metron indexing` service on the Ambari page. The Snort sensor is sending the data to NiFi, and from NiFi it is sent to Kafka. Kafka has created the topic as expected, and the topologies are created on the Storm UI. Unfortunately, the indices on ES are not created, hence no data is displayed on the Metron Alert UI. After restarting the `metron indexing` service on Ambari, the data started to show on Kibana and the Alert UI because the indices are now created. So what needs to be done for the indices to be created automatically (live data)?
Yeah, it's working, but I need to restart the Metron indexing for the data to be indexed on Elasticsearch. I already reconfigured Elasticsearch with a manual installation (yum install) and am not using Ambari. The data are now live on the Metron Alert UI. BTW, thanks for your blog on datahovel.com.