You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/10/26 03:12:58 UTC

[jira] [Commented] (METRON-510) Update elasticsearch bro templates for *_body_len

    [ https://issues.apache.org/jira/browse/METRON-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15607247#comment-15607247 ] 

ASF GitHub Bot commented on METRON-510:
---------------------------------------

GitHub user JonZeolla opened a pull request:

    https://github.com/apache/incubator-metron/pull/326

    Update the bro_index elasticsearch template to index *_body_len properly

    ## Problem
    
    [METRON-510](https://issues.apache.org/jira/browse/METRON-510)
    
    The bro *_body_len fields in [HTTP::Info](https://www.bro.org/sphinx/scripts/base/protocols/http/main.bro.html#type-HTTP::Info) can exceed the range of an int, and so writing to ElasticSearch fails with the following exception:
    ```
    MapperParsingException[failed to parse [response_body_len]]; nested: JsonParseException[Numeric value (9876543210) out of range of int
    ```
    
    ## Solution
    
    I updated the bro_index elasticsearch template to use a datatype of `long` for {request,response}_body_len, as opposed to an `integer`.  

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/JonZeolla/incubator-metron master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/326.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #326
    
----
commit d8efbf7af37a0a03131c7baaed74f197abc4f1de
Author: Jon Zeolla <ze...@gmail.com>
Date:   2016-10-24T13:29:21Z

    Update the bro_index elasticsearch template to use a datatype of long for {request,response}_body_len

----


> Update elasticsearch bro templates for *_body_len
> -------------------------------------------------
>
>                 Key: METRON-510
>                 URL: https://issues.apache.org/jira/browse/METRON-510
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Jon Zeolla
>            Assignee: Jon Zeolla
>             Fix For: 0.2.2BETA
>
>   Original Estimate: 5m
>  Remaining Estimate: 5m
>
> The bro *_body_len fields in [HTTP::Info](https://www.bro.org/sphinx/scripts/base/protocols/http/main.bro.html#type-HTTP::Info) can exceed the range of an int and should be changed to a long.  
> MapperParsingException[failed to parse [response_body_len]]; nested: JsonParseException[Numeric value (9876543210) out of range of int



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)