...
1. Create a file called squid.json at /usr/metron/$METRON_VERSION/config/zookeeper/indexing/:
touch $METRON_HOME/config/zookeeper/indexing/squid.json and populate
2. Populate it with the following:
{
"elasticsearch": {
"index": "squid",
"batchSize": 5,
"enabled" : true
},
"hdfs"" {
"index": "squid",
"batchSize": 5,
"enabled" : true
}This This file sets the batch size of 5 and the index name to squid for both the Elasticsearch and HDFS writers.
2 3. Push the configuration to ZooKeeper:
/usr/metron/$METRON_VERSION/bin/zk_load_configs.sh --mode PUSH -i /usr/metron/$METRON_VERSION/config/zookeeper -z $ZOOKEEPER_HOST:2181
Step 6: Validate the Squid Message
Another thing we can do is validate our messages. Let's say we wanted to make sure that source IPs and destination IPs are valid. The validators are global so we set them up on the global JSON and push them into Zookeeper. The list of available validators can be found here:
...