The SNMP logs are a more recent feature of Suricata and are not currently handled in this solution. You would need to disable them in your suricata.yml config file.
I am getting this error.
[2020-09-01T11:56:07,289][WARN ][logstash.outputs.elasticsearch][synlite_suricata][7f0f636925cafdc45ccbf6445a1562dacede6781ba4cf6f1b34e30bf21e877ba] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"suricata-1.1.0-2020.08.29", :routing=>nil, :_type=>"_doc"}, #], :response=>{"index"=>{"_index"=>"suricata-1.1.0-2020.08.29", "_type"=>"_doc", "_id"=>"_XhPSXQBd2cgVu2RSa1s", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [snmp.vars] of type [float] in document with id '_XhPSXQBd2cgVu2RSa1s'. Preview of field's value: '1.3.6.1.2.1.25.3.2.1.5.1'", "caused_by"=>{"type"=>"number_format_exception", "reason"=>"multiple points"}}}}}
Can you please help me?
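An added pre-flight check for the mapping conflict behind this error, written for this page and not part of the SynLite Suricata project: it walks EVE events against the index mapping and reports leaf fields whose value Elasticsearch would reject, which is how the OID string in `snmp.vars` (mapped as `float`) surfaces before the bulk request fails. The sample events and the reduced index mapping are constructed, and the numeric-parsing rule is an approximation of Elasticsearch's lenient coercion.

```python
import json

# Constructed sample: two Suricata EVE events. The second carries the
# snmp.vars OID string quoted in the Logstash error above.
SAMPLE_EVENTS = [
    '{"event_type":"flow","flow":{"pkts_toserver":3,"bytes_toserver":250}}',
    '{"event_type":"snmp","snmp":{"version":2,"pdu_type":"GET","vars":["1.3.6.1.2.1.25.3.2.1.5.1"]}}',
]

# Assumed (hypothetical) index-template mapping for suricata-*, reduced to the
# fields this check needs; snmp.vars is a float, exactly as in the error.
MAPPING = {
    "flow": {"properties": {"pkts_toserver": {"type": "long"}, "bytes_toserver": {"type": "long"}}},
    "snmp": {"properties": {"version": {"type": "long"}, "pdu_type": {"type": "keyword"}, "vars": {"type": "float"}}},
}

NUMERIC_TYPES = {"float", "double", "long", "integer", "short", "byte"}

def _fits(value, es_type):
    """Approximate Elasticsearch's lenient numeric parsing: numbers and numeric strings pass."""
    if es_type not in NUMERIC_TYPES:
        return True  # keyword/text/ip etc. are not the problem this check targets
    if isinstance(value, bool) or not isinstance(value, (int, float, str)):
        return False
    try:
        float(value)  # "1.3.6.1.2.1.25.3.2.1.5.1" fails here: "multiple points"
        return True
    except ValueError:
        return False

def find_mapping_conflicts(event, mapping, prefix=""):
    """Return [(dotted.field, es_type, offending_value)] for leaves Elasticsearch would reject."""
    conflicts = []
    for name, spec in mapping.items():
        if name not in event:
            continue
        path, value = prefix + name, event[name]
        if "properties" in spec and isinstance(value, dict):
            conflicts += find_mapping_conflicts(value, spec["properties"], path + ".")
            continue
        # A JSON array must fit the leaf type element by element
        for v in value if isinstance(value, list) else [value]:
            if not _fits(v, spec.get("type")):
                conflicts.append((path, spec.get("type"), v))
    return conflicts

def check_ndjson(lines, mapping=MAPPING):
    """Check EVE NDJSON lines; returns {line_number: conflicts} for lines that would be rejected."""
    return {i: c for i, line in enumerate(lines, 1) if (c := find_mapping_conflicts(json.loads(line), mapping))}
```

Running `check_ndjson` over the lines of `eve.json` with the real index template's `properties` substituted for `MAPPING` shows which event types would be dropped by the output before they reach Logstash.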