Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Metron 0.4 Alert UI is Empty

avatar
author-rank mcas_uvaraj
Contributor

Created on ‎11-25-2017 12:34 PM - edited ‎08-17-2019 10:22 PM

I have installed Metron 0.4.x in Ubuntu 14.

I have started REST, Metron Management and Alert UI. But Alert is always empty for any search criteria.

Is there any guideline to use alert UI.

Note: Data available in Elasticsearch

42754-metron-alert.png

42755-metron-rest.png

1,541 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank asubramanian
Super Collaborator

Created ‎11-26-2017 04:36 PM

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

View solution in original post

1,304 Views
2 REPLIES 2

avatar
author-rank asubramanian
Super Collaborator

Created ‎11-26-2017 04:36 PM

@Uvaraj Seerangan, you might be running into METRON-1283. You can confirm that you are hitting this issue as follows - Go to http://node1:9200/snort*/_mappings. If you are missing the "alerts" field from the mapping, then your Alert UI will come up empty

In order to fix the issue, follow these steps:

* Clear all existing Elasticsearch indices

* Go to Ambari UI -> Services -> Metron -> 'Service Actions' dropdown -> Elasticsearch Template Install

* Re-ingest data into Elasticsearch (or let the sensor-stubs running, if this is on full-dev deployment).

And you should now be able to see entries in the Alerts UI.

1,305 Views

avatar
author-rank mcas_uvaraj
Contributor

Created ‎11-27-2017 01:24 PM

Thanks @asubramanian,

I have cleared the existing Elasticsearch indices. We have installed the Metron 0.4.1 manually in Ubuntu 14 as per the steps provided below URL, https://community.hortonworks.com/articles/88843/manually-installing-apache-metron-on-ubuntu-1404.ht... Uploaded Elasticsearch templates into ES and executed sensor-stubs. Now it is working.

1,304 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements