what's wrong with ElasticSearch #25

@bulabula001

When I run the opensoc-ui and visit the page at http://192.168.10.124:5000, and then submit the topology of Bro and Sourcefire, I can see the Sourcefire data in opensoc-ui but cannot see the Bro data. When I check the ES log, I find the error below. I never edited the config for Bro, and it is the same as the one for Sourcefire.
Can someone help me?


org.elasticsearch.search.SearchParseException: [bro_index_2016.03.31][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"facets":{"5":{"date_histogram":{"field":"timestamp","interval":"10m"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:sourcefire_doc"}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":1459385801824,"to":1459472201825}}}]}}}}}}},"6":{"date_histogram":{"field":"timestamp","interval":"10m"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:sourcefire_alert"}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":1459385801824,"to":1459472201825}}}]}}}}}}}},"size":0}]]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:747)
at org.elasticsearch.search.SearchService.createContext(SearchService.java:572)
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:544)
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:306)
at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231)
at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassCastException: org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData
at org.elasticsearch.search.facet.datehistogram.DateHistogramFacetParser.parse(DateHistogramFacetParser.java:174)
at org.elasticsearch.search.facet.FacetParseElement.parse(FacetParseElement.java:93)
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:731)
