...
And another config to load the zookeeper enrichment config. Be sure to replace the $ZOOKEEPER placeholder with your Zookeeper quorum list:
{
"zkQuorum" : "$ZOOKEEPER_HOME:2181"
,"sensorToFieldList" : {
"squid" : {
"type" : "ENRICHMENT"
,"fieldToEnrichmentTypes" : {
"domain_without_subdomains" : [ "whois" ]
}
}
}
}
...
Which means that the system will map the whois enrichment to the field URL. Then execute the following command:
$METRON${METRON_HOME}/bin/flatfile_loader.sh -n enrichment_config.json -i whois_ref.csv -t enrichment -c t -e extractor_config.json
Where "$METRON_HOME" should be something like "/usr/metron/0.2.1BETA". After this your enrichment data will be loaded in Hbase and a Zookeeper mapping will be established. The data will be populated into Hbase HBase table called enrichment. To verify that the logs were properly ingested into Hbase HBase run the following command
hbase shell
echo "scan 'enrichment'" | hbase shell
You should see the table bulk loaded with data from the CSV file. Now check if Zookeeper enrichment tag was properly populated:
$METRON${METRON_HOME}/bin/zk_load_configs.sh -m DUMP -z localhost:2181$ZOOKEEPER
This spits out all of the configs to standard out, you should find one named "squid."
...