Could it be that ES does not have a definition for extra.status (which gets translated to extra_status)?
On 02 Jan 2018, at 20:52, Tomislav Protega tomislav.protega@cert.hr wrote:
Hi,
recently I came up into elasticsearch parsing exception. Dump is attached below.
It only happens when it processes data from Blueliv Crimeserver and Shadowserver-Open-XDMCP collectors.
Not so far ago my elasticsearch output bot didn't throw that exception.
Currently I'm using intelmq 1.0.2 and intelmq-manager 0.3.1, all installed from .deb package and python client elasticsearch 6.0.0.
Anyone experienced the same?
Thanks for the efforts.
Regards,
-- Tomislav <elasticsearch_exception.txt>-- Listen-Einstellungen: https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
-- // L. Aaron Kaplan kaplan@cert.at - T: +43 1 5056416 78 // CERT Austria - https://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg