While trying to import your pfsense_custom_template i

I try to update the template with this code I test now. <code class="notransla

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hi, this code doesn´t works for me. I´m get follow error: <code clas

Importing ES custom template failed about pfsense-graylog HOT 6 OPEN

opc40772 commented on August 22, 2024

Importing ES custom template failed

from pfsense-graylog.

Comments (6)

mipsou commented on August 22, 2024 1

I send template by curl
curl -X PUT "localhost:9200/_template/template_1" -H 'Content-Type: application/json' -d'…content_pfsense-custom…'
The answer is
{"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"No handler for type [keyword] declared on field [PFSENSE_UDP_DATA]"}],"type":"mapper_parsing_exception","reason":"Failed to parse mapping [message]: No handler for type [keyword] declared on field [PFSENSE_UDP_DATA]","caused_by":{"type":"mapper_parsing_exception","reason":"No handler for type [keyword] declared on field [PFSENSE_UDP_DATA]"}},"status":400}

i am using ES 2.4.6 with cerebro 0.8.1 and graylog 2.4.5

from pfsense-graylog.

mipsou commented on August 22, 2024 1

I try to update the template with this code
I test now.
{ "order": -1, "template": "pfsense_*", "settings": { "index": { "analysis": { "analyzer": { "analyzer_keyword": { "filter": "lowercase", "tokenizer": "keyword" } } }, "max_result_window": "1000000" } }, "mappings": { "message": { "_source": { "enabled": true }, "dynamic_templates": [ { "internal_fields": { "mapping": { "type": "keyword" }, "match": "gl2_*" } }, { "store_generic": { "mapping": { "index": "not_analyzed" }, "match": "*" } } ], "properties": { "reason": { "type": "string" }, "PFSENSE_UDP_DATA": { "type": "string" }, "gl2_remote_ip": { "type": "string" }, "gl2_remote_port": { "type": "string" }, "icmp_unreachport_dest_ip": { "type": "string" }, "icmp_unreachport_protocol": { "type": "string" }, "source": { "analyzer": "analyzer_keyword", "index": "analyzed", "type": "string" }, "dest_ip_geolocation": { "copy_to": "dst_location", "type": "string" }, "gl2_source_input": { "type": "string" }, "PFSENSE_ICMP_ECHO_REQ_REPLY": { "type": "string" }, "PFSENSE_PROTOCOL_DATA": { "type": "string" }, "ack_number": { "type": "string" }, "ip_ver": { "type": "string" }, "ecn": { "type": "string" }, "dest_ip_city_name": { "type": "string" }, "tcp_flags": { "type": "string" }, "PFSENSE_ICMP_UNREACHPORT": { "type": "string" }, "src_ip_city_name": { "type": "string" }, "PFSENSE_ICMP_DATA": { "type": "string" }, "action": { "type": "string" }, "gl2_source_node": { "type": "string" }, "src_ip_geolocation": { "copy_to": "src_location", "type": "string" }, "id": { "type": "string" }, "dest_port": { "type": "string" }, "PFSENSE_IGMP_DATA": { "type": "string" }, "offset": { "type": "string" }, "level": { "type": "long" }, "streams": { "index": "not_analyzed", "type": "string" }, "PFSENSE_TCP_DATA": { "type": "string" }, "PFSENSE_ICMP_RESPONSE": { "type": "string" }, "icmp_unreachport_dest_ip_geolocation": { "type": "string" }, "PFSENSE_ICMP_TYPE": { "type": "string" }, "iface": { "type": "string" }, "tcp_window": { "type": "string" }, "icmp_unreachport_port": { "type": "string" }, "icmp_echo_id": { "type": "string" }, "dest_ip": { "type": "string" }, "proto": { "type": "string" }, "PFSENSE_LOG_DATA": { "type": "string" }, "icmp_type": { "type": "string" }, "PFSENSE_IPv4_SPECIFIC_DATA": { "type": "string" }, "flags": { "type": "string" }, "rule": { "type": "string" }, "icmp_unreachport_dest_ip_city_name": { "type": "string" }, "PFSENSE_IP_DATA": { "type": "string" }, "tcp_options": { "type": "string" }, "PFSENSE_IP_SPECIFIC_DATA": { "type": "string" }, "src_ip": { "type": "string" }, "PFSENSE_LOG_ENTRY": { "type": "string" }, "proto_id": { "type": "string" }, "tracker": { "type": "string" }, "tos": { "type": "string" }, "timestamp": { "format": "yyyy-MM-dd HH:mm:ss.SSS", "type": "date" }, "direction": { "type": "string" }, "data_length": { "type": "string" }, "length": { "type": "string" }, "message": { "analyzer": "standard", "index": "analyzed", "type": "string" }, "icmp_unreachport_dest_ip_country_code": { "type": "string" }, "ttl": { "type": "string" }, "icmp_echo_sequence": { "type": "string" }, "sequence_number": { "type": "string" }, "src_location": { "type": "geo_point" }, "src_port": { "type": "string" }, "dest_ip_country_code": { "type": "string" }, "dst_location": { "type": "geo_point" }, "src_ip_country_code": { "type": "string" }, "full_message": { "analyzer": "standard", "index": "analyzed", "type": "string" }, "facility": { "type": "string" }, "real_timestamp": { "format": "yyyy-MM-dd HH:mm:ss", "type": "date" } } } }, "aliases": {} }

from pfsense-graylog.

opc40772 commented on August 22, 2024 1

@unbaiat First, there are additional items that need to be installed from the command line... Grafana Panels. You need these:
grafana-cli plugins install grafana-worldmap-panel
grafana-cli plugins install savantly-heatmap-panel

from pfsense-graylog.

mipsou commented on August 22, 2024

I confirm. It work perfectly.

from pfsense-graylog.

unbaiat commented on August 22, 2024

template loads ok but no data in dashboard. Testbed: mongodb 4.0.0, elasticsearch 5.6.10, graylog 2.4.6, Java 1.8.0.181, Debian 8.11 x64.

from pfsense-graylog.

fabioccoelho commented on August 22, 2024

Hi, this code doesn´t works for me. I´m get follow error:

{ "error": { "root_cause": [ { "type": "mapper_parsing_exception", "reason": "Root mapping definition has unsupported parameters: [message : {_source={enabled=true}, dynamic_templates=[{internal_fields={mapping={type=keyword}, match=gl2_*}}, {store_generic={mapping={index=not_analyzed}, match=*}}], properties={PFSENSE_UDP_DATA={type=keyword}, reason={type=keyword}, gl2_remote_ip={type=keyword}, gl2_remote_port={type=keyword}, icmp_unreachport_dest_ip={type=keyword}, icmp_unreachport_protocol={type=keyword}, dest_ip_geolocation={copy_to=dst_location, type=text}, source={fielddata=true, analyzer=analyzer_keyword, type=text}, gl2_source_input={type=keyword}, PFSENSE_ICMP_ECHO_REQ_REPLY={type=keyword}, PFSENSE_PROTOCOL_DATA={type=keyword}, ack_number={type=keyword}, ip_ver={type=keyword}, ecn={type=keyword}, dest_ip_city_name={type=keyword}, tcp_flags={type=keyword}, PFSENSE_ICMP_UNREACHPORT={type=keyword}, PFSENSE_ICMP_DATA={type=keyword}, src_ip_city_name={type=keyword}, action={type=keyword}, gl2_source_node={type=keyword}, id={type=keyword}, src_ip_geolocation={copy_to=src_location, type=string}, dest_port={type=keyword}, PFSENSE_IGMP_DATA={type=keyword}, offset={type=keyword}, level={type=long}, streams={type=keyword}, PFSENSE_TCP_DATA={type=keyword}, PFSENSE_ICMP_RESPONSE={type=keyword}, icmp_unreachport_dest_ip_geolocation={type=keyword}, PFSENSE_ICMP_TYPE={type=keyword}, iface={type=keyword}, tcp_window={type=keyword}, icmp_unreachport_port={type=keyword}, icmp_echo_id={type=keyword}, dest_ip={type=keyword}, proto={type=keyword}, PFSENSE_LOG_DATA={type=keyword}, icmp_type={type=keyword}, PFSENSE_IPv4_SPECIFIC_DATA={type=keyword}, flags={type=keyword}, rule={type=keyword}, PFSENSE_IP_DATA={type=keyword}, icmp_unreachport_dest_ip_city_name={type=keyword}, tcp_options={type=keyword}, PFSENSE_IP_SPECIFIC_DATA={type=keyword}, src_ip={type=keyword}, PFSENSE_LOG_ENTRY={type=keyword}, proto_id={type=keyword}, tracker={type=keyword}, tos={type=keyword}, direction={type=keyword}, timestamp={format=yyyy-MM-dd HH:mm:ss.SSS, type=date}, data_length={type=keyword}, length={type=keyword}, icmp_unreachport_dest_ip_country_code={type=keyword}, message={analyzer=standard, type=text}, ttl={type=keyword}, icmp_echo_sequence={type=keyword}, sequence_number={type=keyword}, src_location={type=geo_point}, src_port={type=keyword}, dest_ip_country_code={type=keyword}, dst_location={type=geo_point}, src_ip_country_code={type=keyword}, full_message={analyzer=standard, type=text}, facility={type=keyword}, real_timestamp={format=yyyy-MM-dd HH:mm:ss, type=date}}}]" } ], "type": "mapper_parsing_exception", "reason": "Failed to parse mapping [_doc]: Root mapping definition has unsupported parameters: [message : {_source={enabled=true}, dynamic_templates=[{internal_fields={mapping={type=keyword}, match=gl2_*}}, {store_generic={mapping={index=not_analyzed}, match=*}}], properties={PFSENSE_UDP_DATA={type=keyword}, reason={type=keyword}, gl2_remote_ip={type=keyword}, gl2_remote_port={type=keyword}, icmp_unreachport_dest_ip={type=keyword}, icmp_unreachport_protocol={type=keyword}, dest_ip_geolocation={copy_to=dst_location, type=text}, source={fielddata=true, analyzer=analyzer_keyword, type=text}, gl2_source_input={type=keyword}, PFSENSE_ICMP_ECHO_REQ_REPLY={type=keyword}, PFSENSE_PROTOCOL_DATA={type=keyword}, ack_number={type=keyword}, ip_ver={type=keyword}, ecn={type=keyword}, dest_ip_city_name={type=keyword}, tcp_flags={type=keyword}, PFSENSE_ICMP_UNREACHPORT={type=keyword}, PFSENSE_ICMP_DATA={type=keyword}, src_ip_city_name={type=keyword}, action={type=keyword}, gl2_source_node={type=keyword}, id={type=keyword}, src_ip_geolocation={copy_to=src_location, type=string}, dest_port={type=keyword}, PFSENSE_IGMP_DATA={type=keyword}, offset={type=keyword}, level={type=long}, streams={type=keyword}, PFSENSE_TCP_DATA={type=keyword}, PFSENSE_ICMP_RESPONSE={type=keyword}, icmp_unreachport_dest_ip_geolocation={type=keyword}, PFSENSE_ICMP_TYPE={type=keyword}, iface={type=keyword}, tcp_window={type=keyword}, icmp_unreachport_port={type=keyword}, icmp_echo_id={type=keyword}, dest_ip={type=keyword}, proto={type=keyword}, PFSENSE_LOG_DATA={type=keyword}, icmp_type={type=keyword}, PFSENSE_IPv4_SPECIFIC_DATA={type=keyword}, flags={type=keyword}, rule={type=keyword}, PFSENSE_IP_DATA={type=keyword}, icmp_unreachport_dest_ip_city_name={type=keyword}, tcp_options={type=keyword}, PFSENSE_IP_SPECIFIC_DATA={type=keyword}, src_ip={type=keyword}, PFSENSE_LOG_ENTRY={type=keyword}, proto_id={type=keyword}, tracker={type=keyword}, tos={type=keyword}, direction={type=keyword}, timestamp={format=yyyy-MM-dd HH:mm:ss.SSS, type=date}, data_length={type=keyword}, length={type=keyword}, icmp_unreachport_dest_ip_country_code={type=keyword}, message={analyzer=standard, type=text}, ttl={type=keyword}, icmp_echo_sequence={type=keyword}, sequence_number={type=keyword}, src_location={type=geo_point}, src_port={type=keyword}, dest_ip_country_code={type=keyword}, dst_location={type=geo_point}, src_ip_country_code={type=keyword}, full_message={analyzer=standard, type=text}, facility={type=keyword}, real_timestamp={format=yyyy-MM-dd HH:mm:ss, type=date}}}]", "caused_by": { "type": "mapper_parsing_exception", "reason": "Root mapping definition has unsupported parameters: [message : {_source={enabled=true}, dynamic_templates=[{internal_fields={mapping={type=keyword}, match=gl2_*}}, {store_generic={mapping={index=not_analyzed}, match=*}}], properties={PFSENSE_UDP_DATA={type=keyword}, reason={type=keyword}, gl2_remote_ip={type=keyword}, gl2_remote_port={type=keyword}, icmp_unreachport_dest_ip={type=keyword}, icmp_unreachport_protocol={type=keyword}, dest_ip_geolocation={copy_to=dst_location, type=text}, source={fielddata=true, analyzer=analyzer_keyword, type=text}, gl2_source_input={type=keyword}, PFSENSE_ICMP_ECHO_REQ_REPLY={type=keyword}, PFSENSE_PROTOCOL_DATA={type=keyword}, ack_number={type=keyword}, ip_ver={type=keyword}, ecn={type=keyword}, dest_ip_city_name={type=keyword}, tcp_flags={type=keyword}, PFSENSE_ICMP_UNREACHPORT={type=keyword}, PFSENSE_ICMP_DATA={type=keyword}, src_ip_city_name={type=keyword}, action={type=keyword}, gl2_source_node={type=keyword}, id={type=keyword}, src_ip_geolocation={copy_to=src_location, type=string}, dest_port={type=keyword}, PFSENSE_IGMP_DATA={type=keyword}, offset={type=keyword}, level={type=long}, streams={type=keyword}, PFSENSE_TCP_DATA={type=keyword}, PFSENSE_ICMP_RESPONSE={type=keyword}, icmp_unreachport_dest_ip_geolocation={type=keyword}, PFSENSE_ICMP_TYPE={type=keyword}, iface={type=keyword}, tcp_window={type=keyword}, icmp_unreachport_port={type=keyword}, icmp_echo_id={type=keyword}, dest_ip={type=keyword}, proto={type=keyword}, PFSENSE_LOG_DATA={type=keyword}, icmp_type={type=keyword}, PFSENSE_IPv4_SPECIFIC_DATA={type=keyword}, flags={type=keyword}, rule={type=keyword}, PFSENSE_IP_DATA={type=keyword}, icmp_unreachport_dest_ip_city_name={type=keyword}, tcp_options={type=keyword}, PFSENSE_IP_SPECIFIC_DATA={type=keyword}, src_ip={type=keyword}, PFSENSE_LOG_ENTRY={type=keyword}, proto_id={type=keyword}, tracker={type=keyword}, tos={type=keyword}, direction={type=keyword}, timestamp={format=yyyy-MM-dd HH:mm:ss.SSS, type=date}, data_length={type=keyword}, length={type=keyword}, icmp_unreachport_dest_ip_country_code={type=keyword}, message={analyzer=standard, type=text}, ttl={type=keyword}, icmp_echo_sequence={type=keyword}, sequence_number={type=keyword}, src_location={type=geo_point}, src_port={type=keyword}, dest_ip_country_code={type=keyword}, dst_location={type=geo_point}, src_ip_country_code={type=keyword}, full_message={analyzer=standard, type=text}, facility={type=keyword}, real_timestamp={format=yyyy-MM-dd HH:mm:ss, type=date}}}]" } }, "status": 400 }
Anyone can help me?

Thanks.

Gray version: 4.0
ES version: 7.x

from pfsense-graylog.

Importing ES custom template failed about pfsense-graylog HOT 6 OPEN

Comments (6)

Related Issues (18)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent