search

ChrisRimondi / VulntoES

Vulnerability Data in ES
GNU General Public License v2.0
145 stars 63 forks source link

Changes to Mapping #6

Open Consequences opened 8 years ago

Consequences commented 8 years ago

~: curl -XPUT 'http://localhost:9200/vulns/vuln/_mapping' -d @ES-mapping.json {"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"Root mapping definition has unsupported parameters: [order : 0] [template : testvuln*] [settings : {index.refresh_interval=5s, index.analysis.analyzer.default.type=standard}] [mappings : {_default_={dynamic_templates=[{string_fields={mapping={type=multi_field, fields={raw={index=not_analyzed, ignore_above=256, type=string}, {name}={index=analyzed, omit_norms=true, type=string}}}, match=*, match_mapping_type=string}}], properties={pluginID={index=not_analyzed, type=string}, geoip={dynamic=true, path=full, properties={location={type=geo_point}}, type=object}, scanner={index=not_analyzed, type=string}}, _all={enabled=true}}}]"}],"type":"mapper_parsing_exception","reason":"Root mapping definition has unsupported parameters: [order : 0] [template : testvuln*] [settings : {index.refresh_interval=5s, index.analysis.analyzer.default.type=standard}] [mappings : {_default_={dynamic_templates=[{string_fields={mapping={type=multi_field, fields={raw={index=not_analyzed, ignore_above=256, type=string}, {name}={index=analyzed, omit_norms=true, type=string}}}, match=*, match_mapping_type=string}}], properties={pluginID={index=not_analyzed, type=string}, geoip={dynamic=true, path=full, properties={location={type=geo_point}}, type=object}, scanner={index=not_analyzed, type=string}}, _all={enabled=true}}}]"},"status":400}

Possible cause: https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking_20_mapping_changes.html

branchnetconsulting commented 7 years ago

I was able to get past this error by using this adapted curl command:

curl -XPUT 'http://localhost:9200/_template/vulns' -d @ES-mapping.json

with this updated ES-mapping.json file that works with Elasticsearch 5.x

{
  "order": 0,
  "template": "vulns*",
  "settings": {
    "index.refresh_interval": "5s",
    "index.analysis.analyzer.default.type": "standard"
  },
  "mappings": {
    "_default_": {
      "dynamic_templates": [
        {
          "string_fields": {
            "mapping": {
              "type": "multi_field",
              "fields": {
                "raw": {
                  "ignore_above": 256,
                  "type": "keyword"
                },
                "{name}": {
                  "omit_norms": true,
                  "type": "text"
                }
              }
            },
            "match": "*",
            "match_mapping_type": "text"
          }
        }
      ],
      "properties": {
        "pluginID": {
          "type": "keyword"
        },
        "geoip": {
          "dynamic": true,
          "properties": {
            "location": {
              "type": "geo_point"
            }
          },
          "type": "object"
        },
        "scanner": {
          "type": "keyword"
        }
      },
      "_all": {
        "enabled": true
      }
    }
  }
}
CyberTaoFlow commented 6 years ago

Thx for this