You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/11/01 13:48:58 UTC

[jira] [Commented] (METRON-249) Field Transformation functions fail to handle invalid user inputs

    [ https://issues.apache.org/jira/browse/METRON-249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15625479#comment-15625479 ] 

ASF GitHub Bot commented on METRON-249:
---------------------------------------

Github user cestella commented on the issue:

    https://github.com/apache/incubator-metron/pull/333
  
    Ran this up in SNV (with storm 1.0.x even! ;) and it works.  See image below for the error message.
    
    <img width="1422" alt="proof" src="https://cloud.githubusercontent.com/assets/540359/19891833/41154078-a018-11e6-9caa-65e4bcf36075.png">
    



> Field Transformation functions fail to handle invalid user inputs 
> ------------------------------------------------------------------
>
>                 Key: METRON-249
>                 URL: https://issues.apache.org/jira/browse/METRON-249
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Neha Sinha
>            Priority: Minor
>              Labels: platform
>             Fix For: 0.2.1BETA
>
>         Attachments: LogException.rtf
>
>
> Hi,
> The field transformation functions fail to handle invalid user input .On providing invalid inputs the parser throws exceptions and fails to create the required indices in elasticsearch.
> ==========================
> Steps to Reproduce
> ==========================
> Edit the squid.json file and provide the following definition to it:-(Note-we are giving an invalid input :-123 to the URL_TO_HOST function)
> -----------------------------------------------------------------------------------------------
> {
>   "parserClassName": "org.apache.metron.parsers.GrokParser",
>   "sensorTopic": "squid",
>   "parserConfig": {
>     "grokPath": "/patterns/squid",
>     "patternLabel": "SQUID_DELIMITED",
>     "timestampField": "timestamp"
>   },
>   "fieldTransformations" : [
>     {
>       "transformation" : "MTL"
>     ,"output" : [ "full_hostname", "domain_without_subdomains" ]
>     ,"config" : {
>       "full_hostname" : “URL_TO_HOST(123)"
>       ,"domain_without_subdomains" : "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)"
>                 }
>     }
>                            ]
> }
> ----------------------------------------------------------------------------------------------------
> Replay Squid events/logs and monitor the logs in storm for squid topology.
> Attached exception log would be seen and no indexes would be created respective to the logs.
> Expected Behaviour :-
> 1.The error should be more clean.
> 2.Since we cannot validate the inputs the invalid inputs should be ignored and the indices should get created anyway based on the Grok parser output 
> Regards,
> Neha



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)