devgc / EventMonkey

A Windows Event Processing Utility
Apache License 2.0

elasticsearch.exceptions.NotFoundError: TransportError #18

Open adrockthemc opened 7 years ago

adrockthemc commented 7 years ago

Hello,

I'm trying to get this working on a default install of elastic 5.5 and I get the following error:

```
Enumerating Event Files: 100% |###############################################################################################################|
Traceback (most recent call last):
  File "./EventMonkey.py", line 290, in <module>
    Main()
  File "./EventMonkey.py", line 234, in Main
    options
  File "/home/cdd/Work/EventMonkey/libem/WindowsEventManager.py", line 132, in __init__
    self._InitEsIndex()
  File "/home/cdd/Work/EventMonkey/libem/WindowsEventManager.py", line 196, in _InitEsIndex
    index=self.options.index_name
  File "/home/cdd/Work/EventMonkey/libem/elastichandler.py", line 141, in CheckForMapping
    doc_type = doc_type
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/utils.py", line 73, in _wrapped
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/indices.py", line 305, in get_mapping
  File "build/bdist.linux-x86_64/egg/elasticsearch/transport.py", line 312, in perform_request
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/http_urllib3.py", line 128, in perform_request
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/base.py", line 125, in _raise_error
elasticsearch.exceptions.NotFoundError: TransportError(404, u'type_missing_exception', u'type[[winevent]] missing')
```

I think the code is getting hung up when it determines whether or not an index exists. The code seems to die on the 404 exception rather than creating the index and moving on.

In the "WindowsEventManager.py" script, line 193 seems to be where the issue resides. Commenting out this section and forcing the code to return "False" will allow the script to complete without error.

See below:

```python
#Check if mapping exists#
'''
result = esHandler.CheckForMapping(
    'winevent',
    index=self.options.index_name
)
'''
result = False
```

Is there a recommended version of elasticsearch or recommended configuration?
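The crash in the traceback above is a mapping check that lets a 404 propagate. Below is an added example (not EventMonkey's code and not copied from elasticsearch-py) of the shape that check should have: a 404 from Elasticsearch means "index or type is absent", so it is reported as `False` and the caller goes on to create the index and mapping, while any other transport error still fails loudly. It assumes elasticsearch-py's `IndicesClient` exposes `get_mapping()`, `exists()`, `create()` and `put_mapping()` and raises `elasticsearch.exceptions.NotFoundError` (a `TransportError` whose first argument is the HTTP status) for a missing index or type; if the library is not installed, a minimal stand-in exception hierarchy is defined so the example runs offline. `FakeIndicesClient`, `WINEVENT_MAPPING` and the index name `winevents` are constructed for the example and reproduce the `type[[winevent]] missing` error from the issue.

```python
# Added example, not EventMonkey's code: tolerate a 404 on the mapping
# check and create the index/mapping instead of aborting the run.

try:
    from elasticsearch.exceptions import NotFoundError, TransportError
except ImportError:
    # Offline stand-in mirroring elasticsearch-py's (status, error, info) args.
    class TransportError(Exception):
        @property
        def status_code(self):
            return self.args[0]

        @property
        def error(self):
            return self.args[1]

    class NotFoundError(TransportError):
        """Stand-in for the 404 subclass."""


def check_for_mapping(indices, index, doc_type):
    """Return True if `index` has a mapping for `doc_type`.

    A 404 (missing index, or 'type_missing_exception' for a missing type)
    means "absent" and is reported as False rather than raised. Any other
    TransportError (auth failure, 5xx, ...) is a real problem and propagates.
    """
    try:
        body = indices.get_mapping(index=index, doc_type=doc_type)
    except NotFoundError:
        return False
    # Assumption: some server versions answer 200 with an empty body for an
    # unknown type, so an empty body is treated as absent as well.
    return bool(body)


def ensure_mapping(indices, index, doc_type, mapping):
    """Create the index and/or the doc_type mapping if either is missing.

    Returns what happened: 'exists', 'created-index' or 'created-mapping'.
    """
    if check_for_mapping(indices, index, doc_type):
        return "exists"
    if not indices.exists(index=index):
        indices.create(index=index, body={"mappings": {doc_type: mapping}})
        return "created-index"
    indices.put_mapping(index=index, doc_type=doc_type, body=mapping)
    return "created-mapping"


class FakeIndicesClient:
    """Constructed stand-in for elasticsearch.client.IndicesClient.

    Reproduces the two 404 shapes seen against ES 5.x: unknown index and
    unknown type ('type[[winevent]] missing'). State is
    {index_name: {doc_type: mapping_body}}.
    """

    def __init__(self, mappings=None):
        self.mappings = mappings or {}

    def exists(self, index):
        return index in self.mappings

    def create(self, index, body=None):
        self.mappings[index] = dict((body or {}).get("mappings", {}))
        return {"acknowledged": True}

    def put_mapping(self, index, doc_type, body):
        self.mappings[index][doc_type] = body
        return {"acknowledged": True}

    def get_mapping(self, index, doc_type=None):
        if index not in self.mappings:
            raise NotFoundError(404, "index_not_found_exception", "no such index")
        types = self.mappings[index]
        if doc_type is not None and doc_type not in types:
            raise NotFoundError(404, "type_missing_exception",
                                "type[[%s]] missing" % doc_type)
        return {index: {"mappings": dict(types)}}


# Constructed minimal mapping for the example; EventMonkey's real one differs.
WINEVENT_MAPPING = {"properties": {"computer_name": {"type": "keyword"}}}

if __name__ == "__main__":
    es = FakeIndicesClient()
    # First run against an empty cluster: the index gets created, no crash.
    print(ensure_mapping(es, "winevents", "winevent", WINEVENT_MAPPING))
    # Second run: mapping is already there, nothing to do.
    print(ensure_mapping(es, "winevents", "winevent", WINEVENT_MAPPING))
```

The point of catching only `NotFoundError` rather than a bare `except` is that a 401 or a 503 from the cluster should still stop the import; only "not there yet" is a normal state for a first run.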

devgc commented 7 years ago

I think it only works with the old version 2.x. I would like to give this tool a major overhaul but unfortunately it may be a while before I can get to it.