Details
Bug
Status: Done
Minor
Resolution: Done
0.2.1BETA
None
None
Description
Hi,
So I am injecting the following Bro log that has IPv6 addresses:
{"http": {"ts":1467617777.886267,"uid":"CXkPNR186cdD0rqPi","id.orig_h":"2001:cdba:0:0:0:0:3257:9652","id.orig_p":49191,"id.resp_h":"2001:cdba:0:0:0:0:3257:9651","id.resp_p":80,"trans_depth":1,"method":"GET","host":"62.75.195.236","uri":"/?3a08b0be8322c244f5a1cb9c1057d941","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","request_body_len":0,"response_body_len":0,"status_code":200,"status_msg":"OK","tags":[]}}
The Bro parser parses the above log fine, but I see an error with the enrichment indexingBolt.
Please find attached the stack trace for the enrichment indexing bolt and also the Storm log captured for the Bro parser.
Regards,
Neha
Attachments
Issue Links
- is related to: METRON-403 Bro elasticsearch bulk index item fails when DNS response includes CNAME (Done)