[Intelmq-users] elasticsearch parsing exception

L. Aaron Kaplan kaplan at cert.at
Tue Jan 2 21:14:07 CET 2018


Could it be that ES does not have a definition for extra.status (which gets translated to extra_status)?


> On 02 Jan 2018, at 20:52, Tomislav Protega <tomislav.protega at cert.hr> wrote:
> 
> Hi,
> 
> recently I came up into elasticsearch parsing exception.
> Dump is attached below.
> 
> It only happens when it processes data from Blueliv Crimeserver and
> Shadowserver-Open-XDMCP collectors.
> 
> Not so far ago my elasticsearch output bot didn't throw that exception.
> 
> Currently I'm using intelmq 1.0.2 and intelmq-manager 0.3.1, all
> installed from .deb package and python client elasticsearch 6.0.0.
> 
> Anyone experienced the same?
> 
> Thanks for the efforts.
> 
> Regards,
> 
> --
> Tomislav
> <elasticsearch_exception.txt>--
> Listen-Einstellungen:
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users


--
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20180102/4a60ac86/attachment.sig>


More information about the Intelmq-users mailing list