
No Alerts on Metron UI



New Contributor

Installed HDP 3.1.4 on Ambari 2.7.3 with HCP for the Typosquatting use case on a single node of 8 cores and 30 GB RAM. Also installed Apache NiFi for publishing squid logs to Kafka.


As I am new, I have followed the GitHub guide from:


All my processes have started and are running green in the Ambari UI.


Logs via NiFi Kafka Publish are working fine. The sensor is able to detect traffic.

[Screenshot: Data flows via Squid Sensor]


Storm UI has active supervisor for topology execution.

[Screenshot: Storm UI]
[Screenshot: Storm UI details for Squid Topology]


Sample header extract for creation of squid_index

[Screenshot: Sample header for Index template]


I am not able to add squid_index* pattern in Kibana!

[Screenshot: Not able to add squid_index*]


What I feel is that it is because of this, since there is no index creation in Elasticsearch and thus no alert in the Alert UI of the Metron UI.

GET /_cat/indices?v 


[Screenshot: No new index created.]
[Screenshot: No Logs alert in UI]


I had cleared /var/logs/metron/metron-rest.log earlier and there was never any error reported in this log.


Am I missing something?


Re: No Alerts on Metron UI

Master Collaborator

@saqie have you created the indexes in Elasticsearch? What was the output of the index template creation? OK, or other? In the indices screenshot I can see there are no squid* indexes there. So you would need to investigate why it's not getting created.


During execution you can also monitor the Storm, Kibana, and Elasticsearch logs. You may find additional details there.



If this answer resolves your issue or allows you to move forward, please choose to ACCEPT this solution and close this topic. If you have further dialogue on this topic, please comment here or feel free to private message me. If you have new questions related to your use case, please create a separate topic and feel free to tag me in your post.




Re: No Alerts on Metron UI

New Contributor

The output after running the command for creation of the index gives me:


    "acknowledged": true


Also, if I run:


GET _template/


I can see squid_index in the list where others like:  


yaf_index, metaalert_index, error_index, .kibana, snort_index, bro_index


are present!


However, adding an index pattern is not possible, as per the earlier screenshot in the question description.

Since I am new to this, can you help me with the locations of the various logs I need to check?
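
Added example, not part of the original thread: an acknowledged template only describes how an index will be mapped once something writes to it, so it helps to compare the `GET _template` listing with `GET /_cat/indices?format=json`. The sample JSON is constructed, the function names are hypothetical, and patterns are assumed to use only the `*` wildcard.

```python
import fnmatch
import json

# Constructed sample of `GET _template` output (trimmed; not from the thread).
# Elasticsearch 5.x keeps the pattern under "template", 6.x+ under "index_patterns".
SAMPLE_TEMPLATES = json.loads("""
{
  "squid_index": {"template": "squid_index*"},
  "bro_index":   {"template": "bro_index*"},
  "error_index": {"index_patterns": ["error_index*"]}
}
""")

# Constructed sample of `GET /_cat/indices?format=json` output.
SAMPLE_INDICES = json.loads("""
[
  {"index": ".kibana", "docs.count": "2"},
  {"index": "bro_index_2019.11.20.10", "docs.count": "1523"},
  {"index": "error_index_2019.11.20.10", "docs.count": "0"}
]
""")


def template_patterns(body):
    """Return the index patterns of one template, for either field layout."""
    patterns = body.get("index_patterns") or body.get("template") or []
    return [patterns] if isinstance(patterns, str) else list(patterns)


def template_status(templates, indices):
    """Map each template name to 'no-index', 'empty' or 'ok'."""
    status = {}
    for name, body in templates.items():
        matched = [i for i in indices
                   if any(fnmatch.fnmatchcase(i["index"], p)
                          for p in template_patterns(body))]
        if not matched:
            status[name] = "no-index"  # template exists, nothing was ever indexed
        elif all(int(i.get("docs.count") or 0) == 0 for i in matched):
            status[name] = "empty"     # index was created but holds no documents
        else:
            status[name] = "ok"
    return status


if __name__ == "__main__":
    result = template_status(SAMPLE_TEMPLATES, SAMPLE_INDICES)
    for name, state in sorted(result.items()):
        print(f"{name:15} {state}")
```

A `no-index` result for a sensor means no document has been written to Elasticsearch for it yet, and Kibana cannot create an index pattern until at least one matching index exists.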


Re: No Alerts on Metron UI


Were you able to get this resolved? I am having the same issue now.
