Configuring Element-to-Enrichment Mapping
We now need to configure what element of a tuple should be enriched with what enrichment type.
This configuration is stored in ZooKeeper.
Log in as root user to the host that has Metron installed.
sudo -s $METRON_HOME
Copy and paste the following into a file called
enrichment_config_temp.json
at$METRON_HOME/config
.{ "zkQuorum" : "$ZOOKEEPER_HOST:2181" ,"sensorToFieldList" : { "squid" : { "type" : "ENRICHMENT" ,"fieldToEnrichmentTypes" : { "domain_without_subdomains" : [ "whois" ] } } } }
Remove any non-ASCII invisible characters that might have been included if you copy and pasted:
iconv -c -f utf-8 -t ascii enrichment_config_temp.json -o enrichment_config.json