Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Metron 0.4 Alert UI is Empty

avatar
Contributor

I have installed Metron 0.4.x in Ubuntu 14.

I have started REST, Metron Management and Alert UI. But Alert is always empty for any search criteria.

Is there any guideline to use alert UI.

Note: Data available in Elasticsearch

42754-metron-alert.png

42755-metron-rest.png

1 ACCEPTED SOLUTION

avatar
Super Collaborator

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

View solution in original post

2 REPLIES 2

avatar
Super Collaborator

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

avatar
Contributor

Thanks @asubramanian,

I have cleared the existing Elasticsearch indices. We have installed the Metron 0.4.1 manually in Ubuntu 14 as per the steps provided below URL, https://community.hortonworks.com/articles/88843/manually-installing-apache-metron-on-ubuntu-1404.ht... Uploaded Elasticsearch templates into ES and executed sensor-stubs. Now it is working.