...

The first profile is called squid-miss.  It profiles by the source IP from the squid telemetry only and counts the number of TCP misses of the proxy for the time window length we set up previously.  In the update clause we see that every time it finds this condition to be true it adds 1 to the profile, thereby counting the number of times the condition has occurred.  The second profile tracks the cumulative length of the URLs that users hit per time window.  There are multiple additional profiles that can be set up.  Refer to the instructions here: https://github.com/apache/incubator-metron/tree/master/metron-analytics/metron-profiler

Now that we have the profiles set up, exit the editor and let's push the config back into ZooKeeper:

CONFIG_PUT('PROFILER', profilerConfig)

...

This merges all your profile windows into one.  So now you can ask the same thing over the last 2 hours.  We will see in the next section how to integrate this into a triage rule so that we can leverage the profile information in triaging alerts.
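
To make the semantics of the two profiles and of the window merge concrete, here is a small Python model of them. It is an added illustration, not Metron code and not part of the original page. The 15-minute window length, the profile name url-length, the sample events, and the choice of summing as the merge are assumptions.

```python
from collections import defaultdict

PERIOD_MS = 15 * 60 * 1000  # assumed profile window length (not stated in this section)
MIN = 60_000
T0 = 1_700_000_000_000 // PERIOD_MS * PERIOD_MS  # start of an aligned window

# Constructed squid telemetry: (epoch ms, source.type, ip_src_addr, action, url)
EVENTS = [
    (T0 + 1 * MIN, "squid", "10.0.0.5", "TCP_MISS", "http://example.com/a"),
    (T0 + 2 * MIN, "squid", "10.0.0.5", "TCP_HIT", "http://example.com/a"),
    (T0 + 20 * MIN, "squid", "10.0.0.5", "TCP_MISS", "http://example.org/login"),
    (T0 + 21 * MIN, "squid", "10.0.0.9", "TCP_MISS", "http://example.net/"),
    (T0 + 22 * MIN, "bro", "10.0.0.5", "TCP_MISS", "http://ignored.example/"),
]

def build_profiles(events, period_ms=PERIOD_MS):
    """Return {profile: {(entity, window): value}}, one value per entity per window."""
    # "url-length" is a hypothetical name; the page does not name the second profile.
    profiles = {"squid-miss": defaultdict(int), "url-length": defaultdict(int)}
    for ts, source, ip, action, url in events:
        if source != "squid":          # both profiles use squid telemetry only
            continue
        key = (ip, ts // period_ms)    # entity = source IP, bucketed by time window
        profiles["url-length"][key] += len(url)   # cumulative URL length
        if action == "TCP_MISS":       # condition is true: add 1 to the profile
            profiles["squid-miss"][key] += 1
    return profiles

def merged(profile, entity, now_ms, lookback_ms, period_ms=PERIOD_MS):
    """Merge every window inside the lookback into one value (here: by summing)."""
    first = (now_ms - lookback_ms) // period_ms
    last = now_ms // period_ms
    return sum(v for (e, w), v in profile.items() if e == entity and first <= w <= last)

if __name__ == "__main__":
    p = build_profiles(EVENTS)
    now = T0 + 30 * MIN
    for ip in ("10.0.0.5", "10.0.0.9"):
        print(ip, merged(p["squid-miss"], ip, now, 120 * MIN),
              merged(p["url-length"], ip, now, 120 * MIN))
```

Each source IP gets one value per window, so a 2-hour question is answered by combining the windows that fall inside the lookback rather than by rescanning the telemetry.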