Overview
mataelang-event-stream-aggr is the Kafka stream processor that turns raw sensor events into geo-enriched, aggregated alerts.
Flow
Responsibilities
- Consume the input topic (`input_kafka_topic`, default `sensor_events`), deserializing Avro via the Schema Registry.
- Enrich source/destination IPs with geo information. `internal/iplookup` is an HTTP client that calls an external lookup API's `/lookup` endpoint; geo data is not read from a local MaxMind database.
- Aggregate / transform events (`internal/processor`).
- Produce to the output topic (`output_kafka_topic`, default `snort_alerts`).
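Because enrichment depends on an external HTTP lookup rather than a local database, the enrichment step is where a slow or failing API, or an internal address leaking out of the cluster, shows up first. The following Go program is an added example written for this page; it is not the project's `internal/iplookup` or `internal/processor` code. It assumes a simplified `Event` shape, a `GeoInfo` with a single `country` field, and an `ip` query parameter on the `/lookup` endpoint (the page names only the path). The lookup API itself is replaced by a constructed in-process `httptest` server so the example runs offline.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// Event is a simplified stand-in for the Avro sensor event; field names are assumed.
type Event struct {
	SrcIP, DstIP   string
	SrcGeo, DstGeo *GeoInfo
}

// GeoInfo is the subset of lookup output kept here (assumed field).
type GeoInfo struct {
	Country string `json:"country"`
}

// GeoLookup calls the external /lookup endpoint; the "ip" query parameter name is an assumption.
type GeoLookup struct {
	BaseURL string
	Client  *http.Client // set a Timeout so a slow lookup API cannot stall the stream
}
var ErrNotRoutable = errors.New("ip is not globally routable") // never sent to the external API

// Lookup validates and canonicalises the address, then calls GET {BaseURL}/lookup?ip=<ip>.
func (g *GeoLookup) Lookup(ctx context.Context, ipStr string) (*GeoInfo, error) {
	ip := net.ParseIP(ipStr)
	if ip == nil {
		return nil, fmt.Errorf("invalid ip %q", ipStr)
	}
	if ip.IsPrivate() || ip.IsLoopback() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() {
		return nil, ErrNotRoutable
	}
	q := url.Values{"ip": {ip.String()}} // canonical form; raw sensor text never reaches the URL
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, g.BaseURL+"/lookup?"+q.Encode(), nil)
	if err != nil {
		return nil, err
	}
	resp, err := g.Client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("lookup %s: status %d", ip, resp.StatusCode)
	}
	var info GeoInfo // cap the body so a misbehaving API cannot make the processor buffer unbounded data
	if err := json.NewDecoder(io.LimitReader(resp.Body, 64<<10)).Decode(&info); err != nil {
		return nil, fmt.Errorf("lookup %s: bad response: %w", ip, err)
	}
	return &info, nil
}

// Enrich fills in geo data for both addresses. Non-routable addresses are skipped; API
// failures are returned for logging, but the event is kept with nil geo rather than dropped.
func Enrich(ctx context.Context, g *GeoLookup, ev Event) (Event, []error) {
	var errs []error
	lookup := func(ipStr string, dst **GeoInfo) {
		info, err := g.Lookup(ctx, ipStr)
		if err == nil {
			*dst = info
		} else if !errors.Is(err, ErrNotRoutable) { // internal traffic: nothing to enrich
			errs = append(errs, err)
		}
	}
	lookup(ev.SrcIP, &ev.SrcGeo)
	lookup(ev.DstIP, &ev.DstGeo)
	return ev, errs
}

// NewFakeLookupServer is a constructed stand-in for the external API so the example runs
// offline; it knows a single documentation-range (TEST-NET-3) address.
func NewFakeLookupServer() *httptest.Server {
	table := map[string]GeoInfo{"203.0.113.7": {Country: "XX"}}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		info, ok := table[r.URL.Query().Get("ip")]
		if r.URL.Path != "/lookup" || !ok {
			http.NotFound(w, r)
			return
		}
		_ = json.NewEncoder(w).Encode(info)
	}))
}

func main() {
	srv := NewFakeLookupServer()
	defer srv.Close()
	g := &GeoLookup{BaseURL: srv.URL, Client: &http.Client{Timeout: 2 * time.Second}}
	ev, errs := Enrich(context.Background(), g, Event{SrcIP: "203.0.113.7", DstIP: "10.0.0.5"})
	fmt.Printf("src=%+v dst=%v errs=%v\n", ev.SrcGeo, ev.DstGeo, errs)
}
```

Two design choices carry over to the real processor regardless of schema: private, loopback and link-local addresses are filtered before any request is built, so internal topology is never disclosed to the lookup provider and no API quota is spent on it, and a lookup failure degrades the event (nil geo, an error to count in metrics) instead of dropping an alert from `snort_alerts`.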
Configuration
| Setting | Key | Compose value |
|---|---|---|
| Kafka brokers | KAFKA_BROKERS | broker:29092 |
| Input topic | INPUT_KAFKA_TOPIC | sensor_events |
| Output topic | OUTPUT_KAFKA_TOPIC | snort_alerts |
| Schema Registry | SCHEMA_REGISTRY_URL | http://schema-registry:8081 |
Downstream
snort_alerts is consumed by Logstash, which indexes events into OpenSearch and republishes geo events to the threat-map topic. See Messaging & Storage and the Data Plane scenario.