Open MarkusMcNugen opened 7 years ago
@MarkusMcNugen
org.graylog.plugins.pipelineprocessor.functions.ips.IpAddress["anonymized"]
Is this the literal log output or did you replace the actual IP address with "anonymized"?
If the latter, please provide a real IP address which triggers the error so we can reproduce the issue.
@joschi
That is the literal log output. I stripped 100+ of the same line out of the log so the log output wasnt stupidly big...
The IP address it was suppose to convert from a string to an IP was 10.16.5.182 and 10.16.15.255. The rule splits the message string on | and tries to convert the the IP strings to IP addresses. When that error is produced it crashes search, which subsequently crashes login since it loads the search page by default.
EDIT: I figured it out. Turns out some of our PCs are using IPv6 when they shouldn't be which was causing the to_ip function to freak out when it ran into the IPv6 addresses. Please close this issue.
Problem description
Infinite recursion when trying to convert IP string to an IP address using to_ip() function.
Steps to reproduce the problem
Source:
1500093714.115401|CuGFga3X7NWibJCGGa|10.16.5.182|137|10.16.15.255|137|udp|44426|-|WPAD|1|C_INTERNET|32|NB|-|-|F|F|T|F|1|-|-|F
Pipeline Rule
Log
Environment