Posted to issues@metron.apache.org by "Otto Fowler (JIRA)" <ji...@apache.org> on 2017/11/17 05:17:00 UTC

[jira] [Commented] (METRON-1256) CEFParser issue - CEF parser only finding "Found %d groups" for ZScalar traffic

    [ https://issues.apache.org/jira/browse/METRON-1256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16256490#comment-16256490 ] 

Otto Fowler commented on METRON-1256:
-------------------------------------

Can you provide a sanitized example of the data?  One line is enough.


> CEFParser  issue - CEF parser only finding "Found %d groups" for ZScalar traffic
> --------------------------------------------------------------------------------
>
>                 Key: METRON-1256
>                 URL: https://issues.apache.org/jira/browse/METRON-1256
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>         Environment: apache metron 0.4.1 in AWS, being fed zscalar traffic in CEF format.
>            Reporter: ed de
>
> Zscalar logs are flowing from zscalar -> nifi -> kafka -> storm.
> Storm logs are showing the following INFO message:
> 2017-09-26 18:02:49.974 o.a.m.p.c.CEFParser [INFO] Found %d groups
> The concern is that the logs are not actually being processed and this error message indicates a loss of visibility in the log parsing. If this is not true, then maybe the message can be modified to reflect this?


