Install Solr
If you are using Apache Solr, install it using the Ambari HDP Search management pack.
-
From Ambari, stop the following:
- Metron
- Kibana
- Elasticsearch
-
Install the Ambari HDP Search Management pack.
For instructions on downloading and using the Ambari HDP Search management pack, see https://docs.cloudera.com/HDPDocuments/HDPS/HDPS-4.0.0/bk_solr-search-installation/content/hdp-search40-install-mpack.html .Ambari automatically creates collections for the following:
- bro
- snort
- yaf
- metaalert
- error
-
If you want to create a collection for a schema not supplied by CCP, perform the
following steps:
-
Set Solr environmental variables in ZooKeeper.
# Path to the zookeeper node used by Solr export ZOOKEEPER=node1:2181/solr # Define SOLR_HOME export SOLR_HOME=/opt/lucidworks-hdpsearch/solr/ # Set to true if Kerberos is enabled export SECURITY_ENABLED=true
-
Create a collection.
For example:
su $SOLR_USER -c "$SOLR_HOME/bin/solr create -c bro -d $METRON_HOME/config/schema/bro/"
-
Pull all configurations from ZooKeeper to the Metron
configdirectory:$METRON_HOME/bin/zk_load_configs.sh -m PULL -z $ZOOKEEPER -o $METRON_HOME/config/zookeeper -f
-
Set Solr environmental variables in ZooKeeper.
- From Ambari, select Metron in the components panel.
- Click the Configs tab, then click the Rest tab.
-
Populate the following fields with the appropriate information:
- Source Type Field Name
- The source type field name used in the real-time store. Defaults to
source:type. - Threat Triage Score Field Name
- The threat triage score field name used in the real-time store. Defaults to
threat.triage.score.
- Restart Metron.
- Start Solr.
- From Ambari, select Metron in the components panel.
- Click the Configs tab, then click the Indexing tab.
-
Choose Solr in the Index Writer - Random
Access pull down menu.
- Click Save.
- From Ambari, stop and restart the Metron Alerts user interface.
- From Ambari, stop and restart Metron REST.
