Support Questions

nnat25191 · ‎01-31-2018

Hi,

I've noticed in the later releases of Metron, there's a new script pcap_zeppelin_run.sh. Does anyone know the use case of this script? I'm very curious in any pcap development within Metron. From reading the script, it looks like a it wraps around the pcap_query script and it's still in the testing phase? Will we be doing pcap query from zeppelin notebook?

thanks

sball · ‎02-05-2018

The intention behind this is very much to move towards PCAP query within zeppelin. This script is effectively a backend to provide access to pcap query via a zeppelin interpreter. If you install the sample zeppelin notebooks you will find one demonstrating the PCAP capabilities.

The notebook is used like this:

View solution in original post

sball · ‎02-05-2018

The intention behind this is very much to move towards PCAP query within zeppelin. This script is effectively a backend to provide access to pcap query via a zeppelin interpreter. If you install the sample zeppelin notebooks you will find one demonstrating the PCAP capabilities.

The notebook is used like this:

nnat25191 · ‎02-06-2018

@Simon Elliston Ball

Wonderful news! Thank you for the snapshot and the information, I was able to run the script, but I need to work on the query syntax. I assume the query syntax is in Stellar.

Cloudera Community

Support Questions

metron pcap query