Re: Indexing error on apache metron

xarulamim · ‎12-24-2018

Hello,

I am using apache metron with elasticsearch, the "metron alert ui/kibana" does not show any data until i restart the `metron indexing` on ambari page. The sensor of snort is sending the data to nifi, from the nifi it send to the kafka. The kafka have the created the topic as expected and the topology are created on storm ui. Unfortunately, the indices on ES is not created, hence no data was displayed on the metron alert ui. After restart the `metron indexing` servive on ambari the data started to shown on kibana and alert ui becouse the indices are now created. so what it need to be done to indices to be created automatically (live data).

StefanDunkler · ‎12-31-2018

Hi @Amirul

seems like you got it working, because you are seeing events in elastic. :)

You mention an "Indexing error". Do you have a log snippet that shows the error message?

xarulamim · ‎12-31-2018

Hi @Stefan Kupstaitis-Dunkler

Yeah it's working, but need to restart the metron indexing for data are indexed on elasticsearch. I already reconfigure Elasticsearch with manual installation(yum install) and not using ambari. The data now are live on metron alert ui. Btw, thanks for your blog on datahovel.com