Hi all,

Good news, Stone Zach is able to make the required changes for ElasticSearch 7, see https://github.com/certtools/intelmq/issues/1479#issuecomment-605454294 and https://github.com/certtools/intelmq/pull/1513 - Thanks Stone!

However, the code for ES 7 is incompatible with the code for ES 5 and Stone can only support the ES 7 code. That would mean that - if nothing changes - the support for ES 5 would probably be dropped in the next feature release (2.2.0).

In parallel to these efforts, I welcome the contribution by Filip to document how IntelMQ can be used to feed ES via Redis + Logstash. Thanks!

Sebastian

On 3/20/20 4:20 PM, Sebastian Wagner wrote:
Dear community,

The ElasticSearch bots, tests and tools in IntelMQ need some maintenance
which I am unable to provide. As ES is a very common tool I am sure that
there is know-how available in the community and we are able to continue
the support for it.

The oldest known issue is a broken unittest:
https://github.com/certtools/intelmq/issues/1480

But there are also incompatibilities with current ElasticSearch versions,
e.g. I had problems with the elasticmapper tool using ES 7.6.1 (maybe
easy to fix).
Using 7.5.0 failed on the indices tests
https://github.com/certtools/intelmq/issues/1479

Further, the only supported elasticsearch python library version is
currently 'elasticsearch>=5.0.0,<6.0.0' while the latest release is 7.6.0.

Please consider contributing

best regards
Sebastian


-- 
// Sebastian Wagner <wagner@cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Regional Court Salzburg