[Intelmq-users] elasticsearch parsing exception

Navtej Singh n.s.buttar at gmail.com
Wed Jan 3 07:23:29 CET 2018


ES probably has mapped extra.status to an object and in the given case,
extra.status is text. Please see the existing mappings for extra_status.

On Wed, Jan 3, 2018 at 1:44 AM, kaplan at cert.at <kaplan at cert.at> wrote:

> Could it be that ES does not have a definition for extra.status (which
> gets translated to extra_status)?
>
>
> > On 02 Jan 2018, at 20:52, Tomislav Protega <tomislav.protega at cert.hr>
> wrote:
> >
> > Hi,
> >
> > recently I came up into elasticsearch parsing exception.
> > Dump is attached below.
> >
> > It only happens when it processes data from Blueliv Crimeserver and
> > Shadowserver-Open-XDMCP collectors.
> >
> > Not so far ago my elasticsearch output bot didn't throw that exception.
> >
> > Currently I'm using intelmq 1.0.2 and intelmq-manager 0.3.1, all
> > installed from .deb package and python client elasticsearch 6.0.0.
> >
> > Anyone experienced the same?
> >
> > Thanks for the efforts.
> >
> > Regards,
> >
> > --
> > Tomislav
> > <elasticsearch_exception.txt>--
> > Listen-Einstellungen:
> > https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
>
>
> --
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - https://www.cert.at/
> // Eine Initiative der nic.at GmbH - http://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20180103/f9e9f741/attachment.html>


More information about the Intelmq-users mailing list