Metron 0.4 Alert UI is Empty

New Contributor

I have installed Metron 0.4.x in Ubuntu 14.

I have started REST, Metron Management and Alert UI. But Alert is always empty for any search criteria.

Is there any guideline for using the Alert UI?

Note: Data available in Elasticsearch

Accepted Solutions

Re: Metron 0.4 Alert UI is Empty

Super Collaborator

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows: go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty.

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or leave the sensor-stubs running, if this is on a full-dev deployment).

And you should now be able to see entries in the Alerts UI.
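The mapping check from the accepted answer, as an added example that is not part of the original post or Metron's own code: it scans a `_mappings` response and lists every index and document type that lacks the "alerts" field. The sample response (index names, document type, field types) is constructed, and the function also accepts the typeless mapping layout of newer Elasticsearch versions, which goes beyond the setup discussed here.

```python
import json
import urllib.request

FIELD = "alerts"  # the field the answer says must be present in the mapping


def fetch_mappings(url):
    """Fetch a _mappings response, e.g. from http://node1:9200/snort*/_mappings."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def indices_missing_field(mappings, field=FIELD):
    """Return sorted (index, doc_type) pairs whose mapping lacks `field`."""
    missing = []
    for index, body in mappings.items():
        types = body.get("mappings", {})
        # Typeless layout (newer Elasticsearch) or an index with no mapping at all.
        if "properties" in types or not types:
            types = {"_doc": types}
        for doc_type, mapping in types.items():
            if doc_type == "_default_":  # fallback mapping, not a real document type
                continue
            if field not in mapping.get("properties", {}):
                missing.append((index, doc_type))
    return sorted(missing)


# Constructed sample: one index created before the template install, one after.
# Only the presence of the field is checked, not its type.
SAMPLE = {
    "snort_index_2017.11.01.10": {"mappings": {"snort_doc": {"properties": {
        "timestamp": {"type": "date"}, "ip_src_addr": {"type": "ip"}}}}},
    "snort_index_2017.11.02.09": {"mappings": {"snort_doc": {"properties": {
        "timestamp": {"type": "date"}, "alerts": {"type": "nested"}}}}},
}

if __name__ == "__main__":
    # On a live node, pass fetch_mappings("http://node1:9200/snort*/_mappings") instead.
    bad = indices_missing_field(SAMPLE)
    for index, doc_type in bad:
        print(f"{index} ({doc_type}): mapping has no '{FIELD}' field")
    if not bad:
        print(f"every index maps '{FIELD}'")
```

Indices reported here were created before the template was installed; they are the ones to clear and re-ingest.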

Re: Metron 0.4 Alert UI is Empty

New Contributor

Thanks @asubramanian,

I have cleared the existing Elasticsearch indices. We have installed Metron 0.4.1 manually on Ubuntu 14 as per the steps provided at the URL below: https://community.hortonworks.com/articles/88843/manually-installing-apache-metron-on-ubuntu-1404.ht... We uploaded the Elasticsearch templates into ES and executed the sensor-stubs. Now it is working.
