Posted to issues@metron.apache.org by merrimanr <gi...@git.apache.org> on 2018/05/02 22:12:41 UTC

[GitHub] metron issue #1000: METRON-1533 Create KAFKA_FIND Stellar Function

Github user merrimanr commented on the issue:

    https://github.com/apache/metron/pull/1000
  
    I tested this in full dev and the results were somewhat inconsistent.  I listened on the enrichments topic with the kafka-console-consumer tool in one window:
    ```
    /usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh -z node1:2181 --topic enrichments
    ```
    While repeatedly running this command in another:
    ```
    KAFKA_FIND('enrichments', m -> MAP_GET('source.type', m) == 'snort')
    ```
    About 25-50% of the time the Stellar shell returned `[]` and the other times it would return a snort message as expected.
    
    How long will this command listen until it times out (or is it based on number of messages read)?  Sometimes it returned an empty array immediately.  Is this configurable?  


---