04-14-2016
08:31 AM
Hello @George Vetticaden. Again, as far as the Metron source is concerned, there is no Hive, but the new Metron architecture picture shown above shows an HDFS Bolt to Hive in the enrichment Storm topology. However, currently, only HBase is available as the big data store used in Metron? Also, as shown in Metron, there is currently just one Index Bolt (actually writer bolts) to HDFS and/or ES/Solr in the enrichment topology, and only pcap is written to HDFS and HBase without indexing, so there is no Alert Bolt and Kafka Bolt? Are they planned new features? Thanks in advance.
04-12-2016
11:28 PM
As mentioned in the Metron source code, after Step 6, it not only stores events to HDFS but also indexes the data to Elasticsearch and/or Solr?