THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Now that we have the enrichment source and enrichment config defined, we can now run the loader to move the data from the enrichment source to the Metron enrichment Store and store the enrichment config in zookeeper.
- /usr/metron/$METRON_RELEASE/bin/flatfile_loader.sh -n enrichment_config.json -i whois_ref.csv -t enrichment -c t -e extractor_config.json
- After this your enrichment data will be loaded in Hbase and a Zookeeper mapping will be established. The data will be populated into Hbase table called enrichment. To verify that the logs were properly ingested into Hbase run the following command:
hbase shell
scan 'enrichment' To check if Zookeeper enrichment tag was properly populated, run the following:
/usr/metron/0.1BETA/bin/zk_load_configs.sh -m DUMP -z ZOOKEEPER_HOST:2181
Generate some data by using the squid client to execute http requests (do this about 20 time
squidclient http://www.cnn.com
Step 5: View the
...
New Enriched Telemetry Events in Metron UI
- Go to the Metron UI: http://METRON_UI_HOST:5000
- Select Dashboard Tab
- Edit the Squid Event Details Panel that you created in the Add Telemetry Docs by clicking on the edit icon. You will be taken to the Discover page.
- Add the following new enrichment fields to the selected fields section (see section highlighted in red)
- Click the Save Button to save the Search and save it with same name "Squid Event Details".
- Click on the Dashboard Page and delete the Squid Event Details panel and re-add it.
- The Squid Event Details panel should now have the new enriched fields.
...