socprime / SigmaUI

SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)
https://tdm.socprime.com

Import Index issue #10

Open Cyb3rSn0rlax opened 4 years ago

Cyb3rSn0rlax commented 4 years ago

Hello, context: Kibana 7.6.1 with the opendistro plugin for security.

When I try to run import_es_index.py (`python2 import_es_index.py`) I get this error:

```
{u'acknowledged': True}
1 / 281 UZ3knmUBtApo-eN_puWZ
Traceback (most recent call last):
  File "import_es_index.py", line 39, in <module>
    import_index(SIGMA_DOC_INDEX_NAME+'_index.json', SIGMA_DOC_INDEX_NAME)
  File "import_es_index.py", line 31, in import_index
    es_dbc.insert_doc(index_name, doc_id, doc)
  File "/home/user/SigmaUI/ELK_import_export/es_db_connector.py", line 54, in insert_doc
    res = self.es.index(index=index, doc_type=index, id=doc_id, body=doc)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 92, in _wrapped
    return func(*args, params=params, headers=headers, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/__init__.py", line 411, in index
    body=body,
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 362, in perform_request
    timeout=timeout,
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 252, in perform_request
    self._raise_error(response.status, raw_data)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/base.py", line 282, in _raise_error
    status_code, error_message, additional_info
elasticsearch.exceptions.RequestError: RequestError(400, u'illegal_argument_exception', u'Rejecting mapping update to [sui_sigma_doc] as the final mapping would have more than 1 type: [_doc, sui_sigma_doc]')
```

My es_config.py:

```python
ES_host = ['localhost']
ES_http_auth = ('user', 'pass')
ES_port = 9200
ES_scheme = "https" # "http" or "https"

### if X-Pack is NOT installed
### use these configs
ES_use_ssl=True
ES_verify_certs=True
ES_ca_certs='/etc/elasticsearch/root-ca.pem'

### if X-Pack IS installed
## use these configs
#ES_use_ssl=True
### make sure we verify SSL certificates
#ES_verify_certs=False
### provide a path to CA certs on disk
#ES_ca_certs='/path/to/certs/cas.crt'

SIGMA_DOC_INDEX_NAME = "sui_sigma_doc"
```

pritster5 commented 2 years ago

I am also having this issue

pritster5 commented 2 years ago

This can be fixed by changing line 54 in es_db_connector.py: `res = self.es.index(index=index, doc_type=index, id=doc_id, body=doc)`.

Change `doc_type=index` to `doc_type="_doc"`.
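An added example, not SigmaUI's own code, of why the call above fails and how to derive the right `doc_type` from the index's existing mapping rather than hard-coding it: Elasticsearch 7 indices carry a single, typeless mapping whose only legal type name is `_doc`, so passing the index name creates a second type. The keyword set used to recognise a typeless 7.x mapping response, the sample mapping bodies and the helper names are assumptions.

```python
import re

# Mapping keywords that appear at the top level of a typeless (7.x) mapping
# response. Assumption: a 6.x response nests exactly one named type instead.
_TYPELESS_KEYS = {"properties", "dynamic", "dynamic_templates", "_source",
                  "_meta", "_routing", "_field_names", "date_detection",
                  "numeric_detection"}

# Matches the message from the issue's 400 illegal_argument_exception.
_MULTI_TYPE_RE = re.compile(
    r"Rejecting mapping update to \[(?P<index>[^\]]+)\] as the final mapping "
    r"would have more than 1 type: \[(?P<types>[^\]]+)\]"
)


def doc_type_for_index(mapping_response, index_name):
    """Return the doc_type a document must use for index_name.

    mapping_response is the parsed body of GET /<index>/_mapping.
    7.x: {"mappings": {"properties": ...}} (or {}), so only "_doc" is legal.
    6.x: {"mappings": {"<type>": {...}}}, and documents must reuse that name;
    passing the index name instead (as SigmaUI did) adds a second type.
    """
    mappings = mapping_response[index_name].get("mappings", {})
    if set(mappings) <= _TYPELESS_KEYS:
        return "_doc"
    types = [k for k in mappings if k not in _TYPELESS_KEYS]
    if len(types) != 1:
        raise ValueError("expected exactly one mapping type, got %r" % types)
    return types[0]


def parse_multi_type_error(message):
    """Parse the rejection text into (index, [listed types]); None otherwise."""
    m = _MULTI_TYPE_RE.search(message)
    if not m:
        return None
    return m.group("index"), [t.strip() for t in m.group("types").split(",")]


def index_kwargs(mapping_response, index_name, doc_id, doc):
    """Keyword arguments insert_doc should hand to Elasticsearch.index()."""
    return {"index": index_name, "id": doc_id, "body": doc,
            "doc_type": doc_type_for_index(mapping_response, index_name)}
```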