Configure which element of a tuple should be enriched with which enrichment type. This
configuration is stored in Apache ZooKeeper.
- On the host with Metron installed, log in as root.
- Cut and paste the following syntax into a file called
enrichment_config_temp.json
, being sure to customize
$ZOOKEEPER_HOST and $DATASOURCE to your specific values, where $DATASOURCE refers to
the name of the data source you use to bulk load the enrichment:
{
"zkQuorum" : "$ZOOKEEPER_HOST:2181"
,"sensorToFieldList" : {
"$DATASOURCE" : {
"type" : "ENRICHMENT"
,"fieldToEnrichmentTypes" : {
"domain_without_subdomains" : [ "whois" ]
}
}
}
}
- Remove any non-ASCII invisible characters in the pasted syntax in Step 2:
iconv -c -f utf-8 -t ascii enrichment_config_temp.json -o enrichment_config.json