Enriching Telemetry Events
Also available as:
PDF

Configure Element-to-Enrichment Mapping

Configure which element of a tuple should be enriched with which enrichment type. This configuration is stored in Apache ZooKeeper.

  1. On the host with Metron installed, log in as root.
  2. Cut and paste the following syntax into a file called enrichment_config_temp.json, being sure to customize $ZOOKEEPER_HOST and $DATASOURCE to your specific values, where $DATASOURCE refers to the name of the data source you use to bulk load the enrichment:
    {
         "zkQuorum" : "$ZOOKEEPER_HOST:2181"
        ,"sensorToFieldList" : {
              "$DATASOURCE" : {
                 "type" : "ENRICHMENT"
                ,"fieldToEnrichmentTypes" : {
                     "domain_without_subdomains" : [ "whois" ]
                  }
              }
        }
    }
    
  3. Remove any non-ASCII invisible characters in the pasted syntax in Step 2:
    iconv -c -f utf-8 -t ascii enrichment_config_temp.json -o enrichment_config.json