Graylog indexes?

[mzac]

Expected Behavior

Trying to get this module to work with Graylog indexes without any success... Could it be because Graylog creates indexes differently with @timestamp or timestamp? When I try the same query manually with Insomnia it works.

Current Behavior

I am getting an error 400

Possible Solution

None

Steps to Reproduce (for bugs)

My config files:

instances.ini

[esearch1.lab.local]
uri = "http://esearch1.lab.local:9200"
user = ""
password = ""
ca = ""
client_certificate = ""
client_private_key = ""

eventtypes.ini

[graylog]
instance = "esearch1.lab.local"
index = "graylog_*"
filter = "source={host.name}"
fields = "message"

Context

Example of what I see in a packet capture:

GET /graylog_*/_search HTTP/1.1
User-Agent: ipl/1.0.0 curl/7.29.0 PHP/7.1.8
Transfer-Encoding: chunked
Content-Type: application/json
Host: esearch1.lab.local:9200

{
    "_source": [
        "@timestamp",
        "message"
    ],
    "query": {
        "match": {
            "source": "vpn.lab.local"
        }
    },
    "from": 0,
    "size": 25,
    "sort": {
        "@timestamp": "desc"
    }
}

HTTP/1.1 400 Bad Request
content-type: application/json; charset=UTF-8
content-length: 941

{
    "error": {
        "root_cause": [
            {
                "type": "query_shard_exception",
                "reason": "No mapping found for [@timestamp] in order to sort on",
                "index_uuid": "qLEVdPI1Sru5_ijeWsZRHQ",
                "index": "graylog_273"
            },
            {
                "type": "query_shard_exception",
                "reason": "No mapping found for [@timestamp] in order to sort on",
                "index_uuid": "gvJp7c2qR9ma9ZT3ymr2MA",
                "index": "graylog_274"
            }
        ],
        "type": "search_phase_execution_exception",
        "reason": "all shards failed",
        "phase": "query",
        "grouped": true,
        "failed_shards": [
            {
                "shard": 0,
                "index": "graylog_273",
                "node": "0h89v-qXTauJznrwfT3N9g",
                "reason": {
                    "type": "query_shard_exception",
                    "reason": "No mapping found for [@timestamp] in order to sort on",
                    "index_uuid": "qLEVdPI1Sru5_ijeWsZRHQ",
                    "index": "graylog_273"
                }
            },
            {
                "shard": 0,
                "index": "graylog_274",
                "node": "0h89v-qXTauJznrwfT3N9g",
                "reason": {
                    "type": "query_shard_exception",
                    "reason": "No mapping found for [@timestamp] in order to sort on",
                    "index_uuid": "gvJp7c2qR9ma9ZT3ymr2MA",
                    "index": "graylog_274"
                }
            }
        ]
    },
    "status": 400
}

Your Environment

• Module version (System - About): 1.0.0
• Icinga Web 2 version and modules (System - About): 2.6.1
• Icinga 2 version (icinga2 --version): 2.9.1
• Elasticsearch version (curl http://localhost:9200): 5.6.11
• Operating System and version: Redhat 7
• Webserver, PHP versions: Apache 2.4.6, PHP 7.1.8 (fpm)