I'm having a similar issue. In my case I'm feeding Yaf data to Kafka (it works correctly). Then it gives the parsing error: java.lang.IllegalStateException: Grok parser Error: Grok statement produced a null message. Original message was: I used the Metron's default YAF Grok pattern. I have checked the logs in http://grokconstructor.appspot.com and it is able to correctly match the pattern. Furthermore, I use the "Test" button on Metron's UI to check whether the patter is able to extract the fields from the log and it also works correctly. Does anyone knows why this fails? Example Log: 2018-04-04 10:05:32.533|2018-04-04 10:05:32.533| 0.000| 0.000| 6| 10.5.0.83| 2869| 10.5.0.97|52023| AR| 0| 0| 0|c019c454|00000000|000|000| 1| 40| 0| 0| 0| Yaf Pattern YAF_TIME_FORMAT %{YEAR:UNWANTED}-%{MONTHNUM:UNWANTED}-%{MONTHDAY:UNWANTED}[T ]%{HOUR:UNWANTED}:%{MINUTE:UNWANTED}:%{SECOND:UNWANTED} YAF_DELIMITED %{YAF_TIME_FORMAT:start_time}\|%{YAF_TIME_FORMAT:end_time}\|%{SPACE:UNWANTED}%{BASE10NUM:duration}\|%{SPACE:UNWANTED}%{BASE10NUM:rtt}\|%{SPACE:UNWANTED}%{INT:protocol}\|%{SPACE:UNWANTED}%{IP:ip_src_addr}\|%{SPACE:UNWANTED}%{INT:ip_src_port}\|%{SPACE:UNWANTED}%{IP:ip_dst_addr}\|%{SPACE:UNWANTED}%{INT:ip_dst_port}\|%{SPACE:UNWANTED}%{DATA:iflags}\|%{SPACE:UNWANTED}%{DATA:uflags}\|%{SPACE:UNWANTED}%{DATA:riflags}\|%{SPACE:UNWANTED}%{DATA:ruflags}\|%{SPACE:UNWANTED}%{WORD:isn}\|%{SPACE:UNWANTED}%{DATA:risn}\|%{SPACE:UNWANTED}%{DATA:tag}\|%{GREEDYDATA:rtag}\|%{SPACE:UNWANTED}%{INT:pkt}\|%{SPACE:UNWANTED}%{INT:oct}\|%{SPACE:UNWANTED}%{INT:rpkt}\|%{SPACE:UNWANTED}%{INT:roct}\|%{SPACE:UNWANTED}%{INT:app}\|%{GREEDYDATA:end_reason} ... View more

I submitted a fix to this README. You can view progress here https://github.com/apache/metron/pull/601 https://issues.apache.org/jira/browse/METRON-977 @HS, the Metron community always looking for contributors and future committers and is extremely helpful (imho) in getting users involved. I see you've been active on the Metron boards here on HCC and we would be happy to get you open source community credit should you also choose to submit Jiras/PRs in the future. Best, Mike. ... View more

I am trying to install metron on ubutnu 16.04 server and receiving following error. any help would be appreciated\. THanks TASK [ambari_config : Deploy cluster with Ambari; http://node1:8080] *********** fatal: [node1]: FAILED! => {"changed": false, "failed": true, "msg": "value of wait_for_complete must be one of: y,yes,on,1,true,1,True,n,no,off,0,false,0,False, got: True"} to retry, use: --limit @/home/rendev/Downloads/incubator-metron-Metron_0.2.1BETA_rc2/metron-deployment/playbooks/metron_full_install.retry PLAY RECAP ********************************************************************* node1 : ok=31 changed=23 unreachable=0 failed=1 Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again. , I am trying to install metron on ubutnu 16.04 server and receiving following error. any help would be appreciated: TASK [ambari_config : Deploy cluster with Ambari; http://node1:8080] *********** fatal: [node1]: FAILED! => {"changed": false, "failed": true, "msg": "value of wait_for_complete must be one of: y,yes,on,1,true,1,True,n,no,off,0,false,0,False, got: True"} to retry, use: --limit @/home/rendev/Downloads/incubator-metron-Metron_0.2.1BETA_rc2/metron-deployment/playbooks/metron_full_install.retry PLAY RECAP ********************************************************************* node1 : ok=31 changed=23 unreachable=0 failed=1 Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again. ... View more