dgunter / evtxtoelk

A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
MIT License
115 stars 27 forks

parameter [_type] #6

Open joseraeiro opened 2 years ago

joseraeiro commented 2 years ago

Hello, I'm trying to use your script to import a Security.evtx file into Elasticsearch 8.4.2 but I'm getting the following error while trying to do so:

elasticsearch.BadRequestError: BadRequestError(400, 'illegal_argument_exception', 'Action/metadata line [1] contains an unknown parameter [_type]')
None
Failed to bulk data to Elasticsearch

How can I solve this?

Thank you in advance.

joseraeiro commented 2 years ago

I was able to comment out the line containing `"_type": elk_index,` in the `~/.local/lib/python3.10/site-packages/evtxtoelk/__init__.py` file, and now it appears to be working.

Also, before that, to make it work I had to set this in elasticsearch.yml

xpack.security.enabled: false

and then restart elasticsearch.
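The workaround above removes the `_type` key that Elasticsearch 8 no longer accepts in bulk metadata. The following is an added example, not code from the evtxtoelk project, showing a version-aware way to build the bulk action dicts so the same loader works against older and newer clusters; it assumes the records are the per-event dicts the tool already produces (a constructed sample is embedded) and that the caller hands the actions to `elasticsearch.helpers.bulk`.

```python
"""Build Elasticsearch bulk actions for evtx records that are valid on ES 8.

Mapping types were deprecated in Elasticsearch 7 and removed in 8, so a bulk
action that still carries "_type" fails with
'Action/metadata line [1] contains an unknown parameter [_type]'.
Assumptions: `records` are dicts as produced by evtxtoelk (sample below is
constructed), and the returned actions are passed to helpers.bulk by the caller.
"""
import json

# Constructed sample of two parsed Security.evtx events (not real log data).
SAMPLE_RECORDS = [
    {"System": {"EventID": 4624, "Computer": "WS01"}, "EventData": {"LogonType": 2}},
    {"System": {"EventID": 4625, "Computer": "WS01"}, "EventData": {"LogonType": 3}},
]


def detect_major_version(info_response: dict) -> int:
    """Parse the major version from the dict returned by Elasticsearch.info()."""
    number = info_response["version"]["number"]  # e.g. "8.4.2"
    return int(number.split(".")[0])


def build_bulk_action(record: dict, index: str, es_major: int) -> dict:
    """Return one action dict for helpers.bulk.

    "_type" is emitted only for pre-7 clusters (type name == index name, as the
    original tool did); 7.x defaults to _doc and 8.x rejects the key outright.
    """
    action = {"_index": index, "_source": record}
    if es_major < 7:
        action["_type"] = index
    return action


def bulk_actions(records, index: str, es_major: int) -> list:
    """Build the full action list for one evtx file."""
    return [build_bulk_action(r, index, es_major) for r in records]


def check_actions(actions, es_major: int) -> bool:
    """Fail fast, before any network call, if the cluster would reject an action."""
    for line_no, action in enumerate(actions, 1):
        if es_major >= 8 and "_type" in action:
            raise ValueError(
                f"Action/metadata line [{line_no}] contains [_type]; "
                "remove it for Elasticsearch 8"
            )
    return True


if __name__ == "__main__":
    major = detect_major_version({"version": {"number": "8.4.2"}})
    actions = bulk_actions(SAMPLE_RECORDS, "security-evtx", major)
    check_actions(actions, major)
    print(json.dumps(actions, indent=2))
```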

dgunter commented 2 years ago

Yeah we need to push this change for the ELK 8 changes. I'll push this change this week and get pip updated.