Posted to user@metron.apache.org by tom ryan <to...@gmail.com> on 2018/04/23 08:26:43 UTC

metron / spot comparison

Hi All,

Could someone shed a little light on the relative strengths and weaknesses
of Metron vs Spot? I couldn't find an existing answer, but if one exists
I'd appreciate a pointer.

Happy to provide more background on my use case and priorities if that
would help.

Thanks,
Tom

Re: metron / spot comparison

Posted by Michael Miklavcic <mi...@gmail.com>.
Just a heads up, there is active work on upgraded Solr support -
https://github.com/apache/metron/tree/feature/METRON-1416-upgrade-solr

On Mon, Apr 23, 2018 at 7:53 AM, David McGinnis <mcginnisd@avalonconsult.com> wrote:

> Tom,
>
> While I'm not a Metron or Security expert by any means, I recently did a
> Metron POC and a partial Spot POC for a client, so I can at least give you
> what we found from the process. All notes are as of March, 2018, when the
> POCs were created.
>
> *Metron Pros:*
>
>    - Much more stable at this point
>    - Supports Kerberized clusters
>    - Installable through an MPack
>    - More flexible as far as what you can track and what you want to
>    alert on
>
>
> *Spot Pros:*
>
>    - More Machine Learning algorithms baked in and easier to use
>    - Once built, it seems to be more of a straightforward solution out of
>    the box (i.e. it knows what it's looking for, so you don't have to)
>
> *Differences That May Matter When Deciding:*
>
>    - Spot requires Impala, while Metron requires Elasticsearch and Kibana
>       - I've seen some documentation discussing using Solr instead of ES,
>       but I'm not sure how solid this is yet.
>
> My current guidance personally would be to use Metron if you are in HDP.
> If you are on another distribution, Metron still might be the right choice
> at the moment, but personally that would change once they get around to
> supporting Kerberized environments and fleshing out their installation
> steps more.
>
> FWIW, the client ended up going with Metron, since they were on a secured
> HDP cluster anyways.
>
> --
> David McGinnis
> Staff Hadoop Consultant | Avalon Consulting, LLC
> <http://www.avalonconsult.com/>M: (513) 439-0082
> LinkedIn <http://www.linkedin.com/company/avalon-consulting-llc> | Google+
> <http://www.google.com/+AvalonConsultingLLC> | Twitter
> <https://twitter.com/avalonconsult>

Re: metron / spot comparison

Posted by David McGinnis <mc...@avalonconsult.com>.
Tom,

While I'm not a Metron or Security expert by any means, I recently did a
Metron POC and a partial Spot POC for a client, so I can at least give you
what we found from the process. All notes are as of March, 2018, when the
POCs were created.

*Metron Pros:*

   - Much more stable at this point
   - Supports Kerberized clusters
   - Installable through an MPack
   - More flexible as far as what you can track and what you want to alert
   on


*Spot Pros:*

   - More Machine Learning algorithms baked in and easier to use
   - Once built, it seems to be more of a straightforward solution out of
   the box (i.e. it knows what it's looking for, so you don't have to)

*Differences That May Matter When Deciding:*

   - Spot requires Impala, while Metron requires Elasticsearch and Kibana
      - I've seen some documentation discussing using Solr instead of ES,
      but I'm not sure how solid this is yet.

My current guidance personally would be to use Metron if you are in HDP. If
you are on another distribution, Metron still might be the right choice at
the moment, but personally that would change once they get around to
supporting Kerberized environments and fleshing out their installation
steps more.

FWIW, the client ended up going with Metron, since they were on a secured
HDP cluster anyways.

-- 
David McGinnis
Staff Hadoop Consultant | Avalon Consulting, LLC
<http://www.avalonconsult.com/>M: (513) 439-0082
LinkedIn <http://www.linkedin.com/company/avalon-consulting-llc> | Google+
<http://www.google.com/+AvalonConsultingLLC> | Twitter
<https://twitter.com/avalonconsult>