Import data from one Metron cluster to another

Expert Contributor

Hi,

I wanted to have a portable rack with a Metron cluster set up to pick up network traffic and would like to bring that data into another Metron cluster (home base). Would it be possible to import/merge the data between two Metron clusters?

Thank you!

1 ACCEPTED SOLUTION

Contributor

I can see a couple different options. You could either move your raw sensor data back home and then replay it through your home Metron cluster, or you could export the ES indices and HDFS archives and import them into your home cluster.

Migrating data from one Metron cluster to another is not a common use case and is not something we test. You will likely need to do some research into migrating data between ES/HDFS clusters should you decide to go that route.


4 REPLIES

Contributor

Is there any reason you couldn't just route all data to your home base Metron cluster?

Expert Contributor

Thank you for your response @rmerriman

Yes, we do operational testing remotely and most of the time it doesn't have access back to our home cluster. We want to capture the network traffic remotely and bring it home.


Expert Contributor

Thank you @rmerriman for your response.

I tried the replay route; however, tcpreplay doesn't preserve the timestamp of the original packets and I have yet to find a workaround for that.

I'm going to try with the second option that you suggested. I'll look into data migration between ES/HDFS clusters. Thank you!