Open Marshal27 opened 5 years ago
That seems a good point.
In what case is proto.keyword null? (Was wondering if you have the example from the exception you have triggered)
I think the issue may be mixing in other non-suricata log data in the index that does not contain a proto field? Or should that be handled. I'm not sure how to search for null proto.keyword values.
It may be that mixing diff sources could be the issue, but in Kibana (for the FPC links specifically) they are based out of dashboards that are looking into specific Suricata-generated (logs) indexes. Example: ‘logstash-alert’, ‘logstash-http’, etc. So an example of the log that recreates the issue would be interesting to look at and investigate.
-- Regards, Peter Manev
On 25 Jan 2019, at 21:18, Orion Poplawski notifications@github.com wrote:
I think the issue may be mixing in other non-suricata log data in the index that does not contain a proto field? Or should that be handled. I'm not sure how to search for null proto.keyword values.
This is an issue with the toLowerCase() method when applied to null values on the doc.
The issue is in the FPC script to generate the URL. Would be a good idea to perform a null check on this value before attempting to generate the URL... I made the assumption that if the protocol is not available, you may not want a URL generated...