Enriching Telemetry Events
Map Fields to HBase Enrichments Using the Management User Interface

After you establish dataflow to the HBase table, you must use the HCP Management user interface or the CLI to ensure that the enrichment topology is enriching the data flowing past. You can use the Management UI to refine the parser output in three ways: transformations, enrichments, threat intel.

Your sensor must be running and producing data to load sample data.
  1. From the list of sensors in the main window, select your new sensor.
  2. Click the pencil icon in the toolbar.
    The Management UI displays the sensor panel for the new sensor.
  3. In the Schema panel, click .
  4. Review the resulting message, field, and value information displayed in the Schema panel.
    The Sample field displays a parsed version of a sample message from the sensor. The Management UI tests your transformations against these parsed messages.
    You can use the right and left arrow to view the parsed version of each sample message available from the sensor.
  5. Apply transformations to an existing field by clicking or create a new field by clicking .
  6. If you create a new field, complete the fields.
  7. Click SAVE.
  8. If you want to suppress fields from showing in the Index, click .
  9. Click SAVE.