Posted to user@metron.apache.org by Vladimir Shlyakhtin <Vl...@sstech.us> on 2017/09/07 16:41:27 UTC

PCAP dataflow

Hello

I am just wondering about the dataflow for PCAP data.
Currently packets are moved to the pcap topology and saved to HDFS.
In a previous version of Kibana it was possible to visualize it.
But how to do it now...
As a workaround I see only exporting data (pcap_query.sh) from HDFS to Hive table(s), so reports will be able to access it.
Or maybe you can suggest something else. What is the future plan for it?

Thank you


Regards,
- Vladimir

Re: PCAP dataflow

Posted by Otto Fowler <ot...@gmail.com>.
I was looking specifically for a jira that there needed to be a replacement
for the previous kibana based pcap ui.



On September 7, 2017 at 14:55:06, Zeolla@GMail.com (zeolla@gmail.com) wrote:

Otto, I think you were looking for
https://issues.apache.org/jira/browse/METRON-192

Jon

On Thu, Sep 7, 2017 at 1:16 PM Otto Fowler <ot...@gmail.com> wrote:

> I believe there was some visualization in the original metron port from
> opensoc, but that was for an older version of kibana and was lost.
> I cannot find a jira to replace it, but maybe I’m not querying correctly.
>
> I am sure it is something we would like to have, although I’m not sure
> what UI it would go into ( we are up to 4 -> Management, Alerts, Kibana,
> and Zeppelin ).
>
> https://github.com/apache/metron/pull/559 added a zeppelin dashboard for
> visualizing pcap queries.  That is where you should start.
>
> Other than that, you may want to enter a jira with what you think would be
> useful.
>
>
>
>
> On September 7, 2017 at 12:41:37, Vladimir Shlyakhtin (
> vladimir.shlyakhtin@sstech.us) wrote:
>
> Hello
>
> I am just wondering about the dataflow for PCAP data.
> Currently packets are moved to the pcap topology and saved to HDFS.
> In a previous version of Kibana it was possible to visualize it.
> But how to do it now...
> As a workaround I see only exporting data (pcap_query.sh) from HDFS to Hive
> table(s), so reports will be able to access it.
> Or maybe you can suggest something else. What is the future plan for it?
>
> Thank you
>
>
> Regards,
> - Vladimir
>
> --

Jon

Re: PCAP dataflow

Posted by "Zeolla@GMail.com" <ze...@gmail.com>.
Otto, I think you were looking for
https://issues.apache.org/jira/browse/METRON-192

Jon

On Thu, Sep 7, 2017 at 1:16 PM Otto Fowler <ot...@gmail.com> wrote:

> I believe there was some visualization in the original metron port from
> opensoc, but that was for an older version of kibana and was lost.
> I cannot find a jira to replace it, but maybe I’m not querying correctly.
>
> I am sure it is something we would like to have, although I’m not sure
> what UI it would go into ( we are up to 4 -> Management, Alerts, Kibana,
> and Zeppelin ).
>
> https://github.com/apache/metron/pull/559 added a zeppelin dashboard for
> visualizing pcap queries.  That is where you should start.
>
> Other than that, you may want to enter a jira with what you think would be
> useful.
>
>
>
>
> On September 7, 2017 at 12:41:37, Vladimir Shlyakhtin (
> vladimir.shlyakhtin@sstech.us) wrote:
>
> Hello
>
> I am just wondering about the dataflow for PCAP data.
> Currently packets are moved to the pcap topology and saved to HDFS.
> In a previous version of Kibana it was possible to visualize it.
> But how to do it now...
> As a workaround I see only exporting data (pcap_query.sh) from HDFS to Hive
> table(s), so reports will be able to access it.
> Or maybe you can suggest something else. What is the future plan for it?
>
> Thank you
>
>
> Regards,
> - Vladimir
>
> --

Jon

Re: PCAP dataflow

Posted by Otto Fowler <ot...@gmail.com>.
I believe there was some visualization in the original metron port from
opensoc, but that was for an older version of kibana and was lost.
I cannot find a jira to replace it, but maybe I’m not querying correctly.

I am sure it is something we would like to have, although I’m not sure what
UI it would go into ( we are up to 4 -> Management, Alerts, Kibana, and
Zeppelin ).

https://github.com/apache/metron/pull/559 added a zeppelin dashboard for
visualizing pcap queries.  That is where you should start.

Other than that, you may want to enter a jira with what you think would be
useful.




On September 7, 2017 at 12:41:37, Vladimir Shlyakhtin (
vladimir.shlyakhtin@sstech.us) wrote:

Hello

I am just wondering about the dataflow for PCAP data.
Currently packets are moved to the pcap topology and saved to HDFS.
In a previous version of Kibana it was possible to visualize it.
But how to do it now...
As a workaround I see only exporting data (pcap_query.sh) from HDFS to Hive
table(s), so reports will be able to access it.
Or maybe you can suggest something else. What is the future plan for it?

Thank you


Regards,
- Vladimir