when i run the opensoc-ui, and visit the site of the http://192.168.10.124:5000 . page, and then submit the topology of Bro and Sourcefire, in the site of opensoc-ui, i can see the data of the Sourcefire, but can not see the data of the Bro, and when i check the log of ES, i found the error below , i never edit the config about the bro and it is same as the sourcefire.
someone else can help me?
org.elasticsearch.search.SearchParseException: [bro_index_2016.03.31][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"facets":{"5":{"date_histogram":{"field":"timestamp","interval":"10m"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:sourcefire_doc"}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":1459385801824,"to":1459472201825}}}]}}}}}}},"6":{"date_histogram":{"field":"timestamp","interval":"10m"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:sourcefire_alert"}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":1459385801824,"to":1459472201825}}}]}}}}}}}},"size":0}]]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:747)
at org.elasticsearch.search.SearchService.createContext(SearchService.java:572)
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:544)
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:306)
at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231)
at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassCastException: org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData
at org.elasticsearch.search.facet.datehistogram.DateHistogramFacetParser.parse(DateHistogramFacetParser.java:174)
at org.elasticsearch.search.facet.FacetParseElement.parse(FacetParseElement.java:93)
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:731)
when i run the opensoc-ui, and visit the site of the http://192.168.10.124:5000 . page, and then submit the topology of Bro and Sourcefire, in the site of opensoc-ui, i can see the data of the Sourcefire, but can not see the data of the Bro, and when i check the log of ES, i found the error below , i never edit the config about the bro and it is same as the sourcefire. someone else can help me?
org.elasticsearch.search.SearchParseException: [bro_index_2016.03.31][1]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"facets":{"5":{"date_histogram":{"field":"timestamp","interval":"10m"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:sourcefire_doc"}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":1459385801824,"to":1459472201825}}}]}}}}}}},"6":{"date_histogram":{"field":"timestamp","interval":"10m"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:sourcefire_alert"}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":1459385801824,"to":1459472201825}}}]}}}}}}}},"size":0}]] at org.elasticsearch.search.SearchService.parseSource(SearchService.java:747) at org.elasticsearch.search.SearchService.createContext(SearchService.java:572) at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:544) at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:306) at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231) at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228) at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassCastException: org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData at org.elasticsearch.search.facet.datehistogram.DateHistogramFacetParser.parse(DateHistogramFacetParser.java:174) at org.elasticsearch.search.facet.FacetParseElement.parse(FacetParseElement.java:93) at org.elasticsearch.search.SearchService.parseSource(SearchService.java:731)