Enriching Telemetry Events
Also available as:
PDF

Configure an Extractor Configuration File

The extractor configuration file is used to bulk load the enrichment store into HBase.

  1. Log in as root to the host on which Metron is installed.
    sudo -s $METRON_HOME
  2. Determine the schema of the enrichment source.
    The schema of our mock enrichment source is domain|owner|registeredCountry|registeredTimestamp.
  3. Create an extractor configuration file called extractor_config.json at $METRON_HOME/config and populate it with the enrichment source schema.
    For example:
    {
     "config" : {
        "columns" : {
            "domain" : 0
            ,"owner" : 1
            ,"home_country" : 2
            ,"registrar": 3
            ,"domain_created_timestamp": 4
        }
        ,"indicator_column" : "domain"
        ,"type" : "whois"
        ,"separator" : ","
      }
      ,"extractor" : "CSV"
    }
    
  4. Remove any non-ASCII invisible characters that might have been included if you copy and pasted:
    iconv -c -f utf-8 -t ascii extractor_config_temp.json -o extractor_config.json
    Note
    Note
    The extractor_config.json file is not stored anywhere by the loader. This file is used once by the bulk loader to parse the enrichment dataset. If you would like to keep a copy of this file, be sure to save a copy to another location.