No Alerts on Metron UI

Installed HDP 3.1.4 on Ambari 2.7.3 with HCP for the Typosquatting use case on a single node with 8 cores and 30 GB RAM. Also installed Apache NiFi for publishing squid logs to Kafka.


As I am new, I have followed the GitHub guide from:


All my processes have started and are running green in the Ambari UI.


Logs via NiFi Kafka Publish are working fine. Sensor is able to detect traffic.

Data flows via Squid Sensor


Storm UI has active supervisor for topology execution.

Storm UI

Storm UI details for Squid Topology


Sample header extract for creation of squid_index

Sample header for Index template


I am not able to add squid_index* pattern in Kibana!

Not able to add squid_index*


What I feel is that it is because of this, since there is no index creation in Elasticsearch and thus no alert in the Alert UI of Metron UI.

GET /_cat/indices?v 


No new index created.

No Logs alert in UI


I had cleared /var/logs/metron/metron-rest.log earlier and there was never any error reported in this log.


Am I missing something?


@saqie have you created the indexes in Elasticsearch? What was the output of the index template creation? Ok, or other? In the indices screenshot I can see there are no squid* indexes there. So you would need to investigate why it's not getting created.


During execution you can also monitor Storm, Kibana, and Elasticsearch logs. You may find additional details there.

Output after running the command for creation of the index gives me


    "acknowledged": true


Also, if I run:


GET _template/


I can see squid_index in the list where others like:


yaf_index, metaalert_index, error_index, .kibana, snort_index, bro_index


are present!


However, adding an index pattern is not possible, as per the earlier screenshot in the question description.

Since I am new to this, can you help me with the locations of the various logs I need to check?


Were you able to get this resolved? I am having the same issue now.
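
The thread shows an acknowledged template and a squid_index entry under `GET _template/`, while `GET /_cat/indices?v` lists no squid index; a template is only applied when an index is created, and Kibana cannot add a pattern that matches no existing index. The following is an added example, not code from the thread or from Metron, that compares the two outputs offline; the JSON samples, index names and patterns in it are constructed for illustration.

```python
import fnmatch
import json

# Constructed sample of `GET _template` output: template names are the ones
# listed in the thread, the patterns are assumed for illustration.
TEMPLATES = json.loads("""
{
  "squid_index": {"index_patterns": ["squid_index*"]},
  "snort_index": {"index_patterns": ["snort_index*"]},
  "bro_index":   {"template": "bro_index*"},
  ".kibana":     {"index_patterns": [".kibana"]}
}
""")

# Constructed sample of `GET /_cat/indices?format=json` output (no squid index).
INDICES = json.loads("""
[
  {"index": ".kibana", "docs.count": "3"},
  {"index": "bro_index_2019.10.01.10", "docs.count": "1520"}
]
""")

def template_patterns(body):
    """Patterns of one template: 'index_patterns' (ES 6+) or 'template' (ES 5.x)."""
    patterns = body.get("index_patterns") or body.get("template") or []
    return [patterns] if isinstance(patterns, str) else list(patterns)

def pattern_has_index(pattern, indices):
    """True if at least one existing index name matches the wildcard pattern."""
    return any(fnmatch.fnmatchcase(row["index"], pattern) for row in indices)

def templates_without_indices(templates, indices):
    """Templates that are registered but have no matching index yet."""
    missing = {}
    for name, body in templates.items():
        patterns = template_patterns(body)
        if not any(pattern_has_index(p, indices) for p in patterns):
            missing[name] = patterns
    return missing

if __name__ == "__main__":
    for name, patterns in sorted(templates_without_indices(TEMPLATES, INDICES).items()):
        print(f"{name}: template registered, but no index matches {patterns};"
              " nothing has been written to Elasticsearch for it yet")
```

A template reported here means the gap is upstream of Kibana: no document for that sensor has been indexed, so the Storm and Elasticsearch logs are the place to look next.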
