...
And another config to load the zookeper enrichment config:
{
"zkQuorum" : "node1:2181"
,"sensorToFieldList" : {
"bro" : {
"type" : "ENRICHMENT"
,"fieldToEnrichmentTypes" : {
"url" : [ "whois" ]
}
}
}
}
...
You should see the table bulk loaded with data from the CSV file. Now check if Zookeper Zookeeper enrichment tag was properly populated:
sudo /usr/hdpmetron/2.3.4.0-3485/zookeeper0.1BETA/bin/zkClizk_load_configs.sh -server 127.0.0.1:2181ls /enrichmentz localhost:2181
This spits out all of the configs to standard out, you should find one named "squid."
Now the url field should be enriched with the whois data
...