StamusNetworks / KTS

Kibana 4 Templates for Suricata IDPS
GNU General Public License v3.0

[illegal_argument_exception] after using ./load.sh #7

Closed Eagleman7 closed 8 years ago

Eagleman7 commented 8 years ago

On a Kibana 4.6.1 setup without running the patches and after using ./load.sh I am getting a blank page when opening Timelion. When I inspect the page using Chrome I am getting: Error: [illegal_argument_exception] mapper [hits] cannot be changed from type [long] to [int]

After applying the patches I am getting the same blank page.

After running this command you are able to load timelion:

curl -XPUT http://localhost:9200/.kibana/_mapping/timelion-sheet -d '{"timelion-sheet":{"properties":{"title":{"type":"string"},"hits":{"type":"long"},"description":{"type":"string"},"timelion_sheet":{"type":"string"},"timelion_interval":{"type":"string"},"timelion_other_interval":{"type":"string"},"timelion_chart_height":{"type":"integer"},"timelion_columns":{"type":"integer"},"timelion_rows":{"type":"integer"},"version":{"type":"long"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"string"}}}}}}'

Any idea why KTS is not working with timelion with the default settings?

stamus commented 8 years ago

I have stumbled upon that once or twice before. I think the reason for this is that the load.sh script is rather aggressive.

If you do this through Scirius (web or command line) - here is how: https://github.com/StamusNetworks/SELKS/wiki/How-to-load-or-update-dashboards - you should not have that issue.

Thanks

Regards, Peter Manev

Eagleman7 commented 8 years ago

./load was indeed too aggressive. After importing the KTS dashboards as explained here: https://github.com/StamusNetworks/scirius/issues/79 the scirius command in the webgui can be used.
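
The error reported in this thread is a field-type clash between the mapping already present in .kibana and a mapping being requested for the same field. As an added example (not part of the thread, and not KTS or Scirius code), the Python below compares two mapping documents and lists every such clash before anything is written; both sample mappings are constructed from field names in the curl command above, and the function names are hypothetical.

```python
# Constructed sample: types already present in the index (per the error text).
EXISTING = {"timelion-sheet": {"properties": {
    "title": {"type": "string"},
    "hits": {"type": "long"},
    "kibanaSavedObjectMeta": {"properties": {"searchSourceJSON": {"type": "string"}}},
}}}

# Constructed sample: a mapping that requests a different type for "hits".
DESIRED = {"timelion-sheet": {"properties": {
    "title": {"type": "string"},
    "hits": {"type": "integer"},
    "timelion_rows": {"type": "integer"},
    "kibanaSavedObjectMeta": {"properties": {"searchSourceJSON": {"type": "string"}}},
}}}


def flatten(properties, prefix=""):
    """Return {dotted.field.path: type} for a mapping 'properties' dict."""
    out = {}
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into its sub-fields
            out.update(flatten(spec["properties"], path + "."))
        else:
            out[path] = spec.get("type")
    return out


def find_type_conflicts(existing, desired):
    """List (doc_type, field, existing_type, desired_type) for every clash."""
    conflicts = []
    for doc_type, body in desired.items():
        have = flatten(existing.get(doc_type, {}).get("properties", {}))
        want = flatten(body.get("properties", {}))
        for field in sorted(want):
            # New fields are fine; only a changed type on an existing field is rejected.
            if field in have and have[field] != want[field]:
                conflicts.append((doc_type, field, have[field], want[field]))
    return conflicts


if __name__ == "__main__":
    for doc_type, field, old, new in find_type_conflicts(EXISTING, DESIRED):
        print(f"{doc_type}.{field}: existing [{old}] vs requested [{new}]")
```

On a live node the existing side would come from the index's mapping endpoint (GET on /.kibana/_mapping) rather than from the inline sample.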