Comments (6)
Hi,
It's probably related to your template.
By the way, this link might help you. I've modified Roberts version to be compatible with ECS & SIEM
https://github.com/ipworkx/ecs-suricata
Best regards,
Thierry
from synesis_lite_suricata.
Hi,
I tried to copy your templates, but the same issue occurs again.
Thank you for your help
Best regards,
Chris
Okay,
It’s related to what you have configured in the suricata.yml. The field should be an object (keyword or string) but it’s more.
That’s the problem.
You should change the template, or change the yml file regarding this field.
Here’s a link explaining this issue.
https://stackoverflow.com/questions/41873672/updating-a-field-with-a-nested-array-in-elastic-search
Regards,
Thierry
Same here, how can I fix it? Suricata version 5.0.3, Elk 7.8.0
Jul 06 08:13:48 elk-lab logstash[18735]: [2020-07-06T08:13:48,847][WARN ][logstash.outputs.elasticsearch][synlite_suricata][7f0f636925cafdc45ccbf6445a1562dacede6781ba4cf6f1b34e30bf21e877ba] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"suricata-1.1.0-2020.07.06", :routing=>nil, :_type=>"_doc"}, #LogStash::Event:0x7a62212f], :response=>{"index"=>{"_index"=>"suricata-1.1.0-2020.07.06", "_type"=>"_doc", "_id"=>"sJSvIXMBcEOi1DSnsOAZ", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [http.content_range] of type [keyword] in document with id 'sJSvIXMBcEOi1DSnsOAZ'. Preview of field's value: '{size=9846192, start=45898, raw=bytes 45898-88631/9846192, end=88631}'", "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:941"}}}}}
Jul 07 18:15:37 elk logstash[25106]: [2020-07-07T18:15:37,627][WARN ][logstash.outputs.elasticsearch][synlite_suricata][7f0f636925cafdc45ccbf6445a1562dacede6781ba4cf6f1b34e30bf21e877ba] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"suricata-1.1.0-2020.07.07", :routing=>nil, :_type=>"_doc"}, #LogStash::Event:0x7c30048b], :response=>{"index"=>{"_index"=>"suricata-1.1.0-2020.07.07", "_type"=>"_doc", "_id"=>"ffb9KHMBrL4FY38oBcn0", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [dns.flags] of type [long] in document with id 'ffb9KHMBrL4FY38oBcn0'. Preview of field's value: 'a805'", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"For input string: "a805""}}}}}
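As an added illustration (not code from the project or from any commenter), here is a small Python pre-index check that reproduces the two rejections shown in the log lines above, a `keyword` field receiving an object and a `long` field receiving the hex string `a805`, against a constructed mapping excerpt, and proposes the template type that would accept the observed value. `TEMPLATE_TYPES`, the sample events and the function names are assumptions built from this thread, not the project's real template.

```python
import re

# Constructed excerpt of an index template (dotted field -> ES type); it is an
# assumption that mirrors the two conflicting fields reported in the thread.
TEMPLATE_TYPES = {
    "http.content_range": "keyword",
    "dns.flags": "long",
    "dns.rrname": "keyword",
}

# Constructed events shaped like the "Preview of field's value" in the errors.
EVENT_HTTP = {"http": {"content_range": {"size": 9846192, "start": 45898,
                                         "raw": "bytes 45898-88631/9846192",
                                         "end": 88631}}}
EVENT_DNS = {"dns": {"flags": "a805", "rrname": "example.com"}}


def flatten(obj, prefix=""):
    """Map every dotted path to its value; nested dicts are kept as values too."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        out[path] = value
        if isinstance(value, dict):
            out.update(flatten(value, path))
    return out


def coerce_error(expected, value):
    """Reason the value cannot be stored as `expected`, or None if it can."""
    if expected == "keyword" and isinstance(value, (dict, list)):
        return f"expected keyword, got {type(value).__name__} (START_OBJECT)"
    if expected == "long":
        if isinstance(value, int) and not isinstance(value, bool):
            return None
        if isinstance(value, str) and re.fullmatch(r"-?\d+", value.strip()):
            return None  # Elasticsearch coerces purely numeric strings
        return f"expected long, got {value!r}"
    return None


def find_conflicts(event, template=TEMPLATE_TYPES):
    """Dotted paths in `event` whose value the template mapping would reject."""
    flat = flatten(event)
    conflicts = {}
    for path, es_type in template.items():
        if path in flat:
            reason = coerce_error(es_type, flat[path])
            if reason is not None:
                conflicts[path] = reason
    return conflicts


def suggest_mapping(event, template=TEMPLATE_TYPES):
    """Propose, per conflicting field, a type that accepts the observed value."""
    flat = flatten(event)
    return {path: ("object" if isinstance(flat[path], dict) else "keyword")
            for path in find_conflicts(event, template)}
```

Running the two sample events through `find_conflicts` reproduces both errors from the thread; `suggest_mapping` then points at `object` for `http.content_range` and `keyword` for `dns.flags`, the template-side fix Thierry describes.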
Closing all issues as this project has been archived.