METRON-676 Create Zeppelin Notebook for YAF Telemetry

[nickwallen]

Created a Zeppelin Notebook that serves as a basic template for a situational awareness dashboard for the YAF flow telemetry produced by Metron.

In practice, this notebook should be enhanced and customized to leverage enrichments specific to your production environment. The notebook provides a fair introduction into the mechanics of using Zeppelin/Spark to work with the telemetry that is archived by Metron in HDFS.

The Zeppelin Notebook is deployed with Metron through the MPack and can be installed by using the "Metron" > "Service Actions" > "Zeppelin Notebook Import" action in Ambari.

METRON-676 contains a screen capture of the dashboard when it is run with roughly 7 days of archived telemetry data.

Dependency

This change is dependent on #423 , which is why you will see those commits included here. Once #423 hits master, I will rebase on master.

Testing

I tested this change by following these steps.

Build It

• Build Metron

cd incubator-metron
mvn clean package -DskipTests

• Start Docker on your build machine
• Build Metron RPMs

cd metron-deployment
mvn clean package -Pbuild-rpms -DskipTests

• Build Ambari MPack

cd metron-deployment
mvn clean package

Setup Test VM

• Launch Vagrant and install Ambari only

cd metron-deployment/vagrant/quick-dev-platform
vagrant --ansible-tags=ambari up

• Copy artifacts to VM

scp metron-deployment/packaging/docker/rpm-docker/target/RPMS/noarch/*.rpm vagrant@node1:/tmp
scp metron-deployment/packaging/ambari/metron-mpack/target/metron_mpack-1.0.0.0-SNAPSHOT.tar.gz vagrant@node1:/tmp

• Stage RPMS

vagrant ssh
sudo su -
mkdir /localrepo
cp /tmp/metron*.rpm /localrepo

Install Ambari MPack

• Install MPack

ambari-server install-mpack --mpack=/tmp/metron_mpack-1.0.0.0-SNAPSHOT.tar.gz --verbose

• Restart Ambari

service ambari-server restart

Deploy Metron with MPack

• You may need to clear the browser cache to see the additional options installed by the MPack.
• Login to Ambari at http://node1:8080
• Click "Actions" -> "Add Services", then choose "Metron"

Install Zeppelin Notebooks

• Login to Ambari at http://node1:8080.
• In Ambari, click "Metron" > "Service Actions" > "Zeppelin Notebook Import"
• Wait for the action to complete in Ambari.
• Login to Zeppelin at http://node1:9995
• Search for the notebook named "Metron - YAF Telemetry"

[justinleet]

@nickwallen #423 is in (and breaking the README here)

[nickwallen]

Here are the links to screen captures of what the dashboard looks-like.

• Report, read-only mode
• Edit mode

[justinleet]

@nickwallen Would it be reasonable to throw links to the screenshots onto the original discuss thread?

I'm +1 (by inspection) on the actual implementation, but I'd really love to see other perspectives on this (and since I'm not an expert, I'm a little hesitant to just close this ticket out myself).

[nickwallen]

@justinleet Sorry, I originally responded to the dev list and not here. I sent a link to the PR and JIRA, mentioning the screenshots, to the original discussion thread.

[james-sirota]

+1 Great job

[justinleet]

@nickwallen Thanks for closing off that discussion. This has percolated awhile, and I'm +1 on it.