eagle-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean Rossier <j...@sqooba.io>
Subject Re: HDFS Data Activity Monitoring - demo in Eagle
Date Thu, 23 Mar 2017 17:41:22 GMT
Hi,

ok I followed the quick start steps.
I have a policy similar to the one shown in the page:
"definition": {
      "type": "siddhi",
      "value": "from hdfs_audit_log_enriched_stream[user=='root'] select *
insert into hdfs_audit_log_enriched_stream_out"
   }
My stream 'hdfs_audit_log_enriched_stream' is linked to a Kafka topic, and
I see logs from user 'root' flowing to this topic. However, I don't see any
alert in the UI. I don't see any error log in eagle-server.log file either.
I also set an email publishment, but I don't get any email.

A few questions:
1. Do I need to define a publishment to see the alerts ? Or do the alerts
appear in the alerts menu even if no publishment is linked to the policy ?
2. Could you point me some classes for which I could set a lower log level
to get more insights on what happens in the process [read kafka topic] -->
[apply siddhi filter] --> [create alert]

thanks
Jean

On Wed, Mar 22, 2017 at 7:29 PM, SUDHA JENSLIN <sjenslin@gmail.com> wrote:

> Please follow this: https://cwiki.apache.org/confluence/display/EAG/
> Quick+Start+with+Alert+Engine+through+API.
>
> It has every step.
>
> Audit_log_alert is the publishment (named as hdfs_audit_log_enriched_
> stream_out
>  in the above given doc).
>
>
> For publishment you can refer:
> https://cwiki.apache.org/confluence/display/EAG/Policy
>
>
>
> -Sudha Jenslin
>
> On Mar 22, 2017, at 6:47 PM, Jean Rossier <jean@sqooba.io> wrote:
>
>
> 2. I read the examples given here: https://cwiki.apache.
> org/confluence/display/EAG/Quick+Start+with+Alert+Engine+through+API. The
> policy shown in this page (chapter 5.1) seems more consistant to me. I
> would like to POST it to my eagle server, but
>   a. When installing the 'Hdfs Audit Log Monitor' application, it created
> only one hdfs audit log stream (HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX).
> How can I create another stream (e.g. HDFS_AUDIT_LOG_E
>
>
>


-- 


*Jean Rossier*


*Sqooba (Schweiz) AG*Parkterrasse 14
3012 Bern

eMail:   jean@sqooba.io
<forename@sqooba.io>Mobile: +41 79 643 96 57
Web:    www.sqooba.io

Mime
View raw message