In HS-1155337333 a customer has problems because the userIdentity field is missing when deserializing the CloudTrailRecord. A NullPointerException occurs when constructing the construcedMessagefield. Here is the StackTrace:
2022-10-24T13:25:48.996-04:00 ERROR [CloudTrailSubscriber] Could not read CloudTrail log file for <cloudtrail-graylog>. Skipping.
com.fasterxml.jackson.databind.JsonMappingException: (was java.lang.NullPointerException) (through reference chain: [org.graylog.aws](http://org.graylog.aws/).inputs.cloudtrail.json.CloudTrailRecord["constructedMessage"])
at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath([JsonMappingException.java:394](http://jsonmappingexception.java:394/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath([JsonMappingException.java:353](http://jsonmappingexception.java:353/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow([StdSerializer.java:316](http://stdserializer.java:316/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields([BeanSerializerBase.java:727](http://beanserializerbase.java:727/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize([BeanSerializer.java:155](http://beanserializer.java:155/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize([DefaultSerializerProvider.java:480](http://defaultserializerprovider.java:480/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue([DefaultSerializerProvider.java:319](http://defaultserializerprovider.java:319/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ObjectMapper._configAndWriteValue([ObjectMapper.java:3906](http://objectmapper.java:3906/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ObjectMapper.writeValueAsBytes([ObjectMapper.java:3244](http://objectmapper.java:3244/)) ~[graylog.jar:?]
at [org.graylog.aws.inputs.cloudtrail.CloudTrailSubscriber.run](http://org.graylog.aws.inputs.cloudtrail.cloudtrailsubscriber.run/)([CloudTrailSubscriber.java:157](http://cloudtrailsubscriber.java:157/)) [graylog-plugin-aws-4.3.8.jar:?]
Caused by: java.lang.NullPointerException
at [org.graylog.aws](http://org.graylog.aws/).inputs.cloudtrail.json.CloudTrailRecord.getConstructedMessage([CloudTrailRecord.java:113](http://cloudtrailrecord.java:113/)) ~[?:?]
at jdk.internal.reflect.GeneratedMethodAccessor320.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke([DelegatingMethodAccessorImpl.java:43](http://delegatingmethodaccessorimpl.java:43/)) ~[?:?]
at java.lang.reflect.Method.invoke([Method.java:566](http://method.java:566/)) ~[?:?]
at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField([BeanPropertyWriter.java:688](http://beanpropertywriter.java:688/)) ~[graylog.jar:?]
at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields([BeanSerializerBase.java:719](http://beanserializerbase.java:719/)) ~[graylog.jar:?]
... 6 more
In HS-1155337333 a customer has problems because the
userIdentityfield is missing when deserializing theCloudTrailRecord. ANullPointerExceptionoccurs when constructing theconstrucedMessagefield. Here is the StackTrace: