Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Metron 0.4 Alert UI is Empty

avatar
author-rank mcas_uvaraj
Contributor

Created on ‎11-25-2017 12:34 PM - edited ‎08-17-2019 10:22 PM

I have installed Metron 0.4.x in Ubuntu 14.

I have started REST, Metron Management and Alert UI. But Alert is always empty for any search criteria.

Is there any guideline to use alert UI.

Note: Data available in Elasticsearch

42754-metron-alert.png

42755-metron-rest.png

1,749 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank asubramanian
Super Collaborator

Created ‎11-26-2017 04:36 PM

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

View solution in original post

1,512 Views
0
2 REPLIES 2

avatar
author-rank asubramanian
Super Collaborator

Created ‎11-26-2017 04:36 PM

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

1,513 Views
0

avatar
author-rank mcas_uvaraj
Contributor

Created ‎11-27-2017 01:24 PM

Thanks @asubramanian,

I have cleared the existing Elasticsearch indices. We have installed the Metron 0.4.1 manually in Ubuntu 14 as per the steps provided below URL, https://community.hortonworks.com/articles/88843/manually-installing-apache-metron-on-ubuntu-1404.ht... Uploaded Elasticsearch templates into ES and executed sensor-stubs. Now it is working.

1,512 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements