Posted to issues@metron.apache.org by "Nick Allen (JIRA)" <ji...@apache.org> on 2016/06/20 21:36:57 UTC

[jira] [Commented] (METRON-243) Kibana Error - [unsupported_operation_exception] custom format isn't supported

    [ https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15340450#comment-15340450 ] 

Nick Allen commented on METRON-243:
-----------------------------------

The dashboard expects certain data types for the Snort, Bro, and YAF indices.  If the indices were created WITHOUT the index template definitions, the dashboard will throw this error.

It seems that in some cases, the index templates that appear to be properly installed during deployment are later dropped when Elasticsearch is restarted by Monit.  This is the root cause of the error.  Need to understand why the index templates are missing.

Follow these steps to work around the problem.

(1) Define which Elasticsearch host to interact with. Any Elasticsearch host should work.

export ES_HOST="http://ec2-52-25-237-20.us-west-2.compute.amazonaws.com:9200"

(2) Confirm the index templates are in fact missing.

curl -s -XGET "$ES_HOST/_template"

(3) Manually load the index templates.

cd metron-deployment
curl -s -XPOST $ES_HOST/_template/bro_index -d @roles/metron_elasticsearch_templates/files/es_templates/bro_index.template
curl -s -XPOST $ES_HOST/_template/snort_index -d @roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
curl -s -XPOST $ES_HOST/_template/yaf_index -d @roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template

(4) Delete the existing indexes. Only a new index will use the templates defined in the previous step.

curl -s -XDELETE "$ES_HOST/yaf_index*"
curl -s -XDELETE "$ES_HOST/bro_index*"
curl -s -XDELETE "$ES_HOST/snort_index*"

(5) Open up Kibana and wait for the new indexes to be created. The dashboard should now work.

> Kibana Error - [unsupported_operation_exception] custom format isn't supported
> ------------------------------------------------------------------------------
>
>                 Key: METRON-243
>                 URL: https://issues.apache.org/jira/browse/METRON-243
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>
> When using Metron's default dashboard in Kibana 4, the following error message is sometimes shown at the top of the page.
> Error: [unsupported_operation_exception] custom format isn't supported

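Added example, not part of the comment above or of the Metron code base: shell functions that automate steps (2) and (3) by asking Elasticsearch whether each template exists (HEAD /_template/<name> answers 200 or 404) and re-posting only the missing ones. The function names are hypothetical; the template names and file layout are the ones given in the comment.

```shell
#!/bin/sh
# Added example: detect and reload missing Metron index templates.
# Template names are the three used in the workaround above.
TEMPLATES="bro_index snort_index yaf_index"

# http_status URL -> prints the HTTP status code of a HEAD request.
# Elasticsearch returns 200 if the template exists and 404 if it does not.
http_status() {
    curl -s -o /dev/null -I -w '%{http_code}' "$1"
}

# missing_templates ES_HOST -> prints absent template names, one per line.
# Returns 0 if all are present, 1 if any is missing, 2 if a check failed
# (host unreachable, 5xx, ...), so an outage is not mistaken for "missing".
missing_templates() {
    host=$1
    rc=0
    for t in $TEMPLATES; do
        code=$(http_status "$host/_template/$t") || code=000
        case $code in
            200) ;;
            404) echo "$t"
                 if [ "$rc" -eq 0 ]; then rc=1; fi ;;
            *)   echo "cannot check $t (HTTP $code)" >&2
                 rc=2 ;;
        esac
    done
    return "$rc"
}

# reload_missing ES_HOST TEMPLATE_DIR -> POST <name>.template for each
# missing template. TEMPLATE_DIR is the es_templates directory from step (3).
reload_missing() {
    host=$1
    dir=$2
    missing=$(missing_templates "$host") || [ $? -eq 1 ] || return 2
    for t in $missing; do
        echo "reloading $t" >&2
        curl -s -XPOST "$host/_template/$t" -d "@$dir/$t.template" || return 2
    done
}
```

Source the file, then from metron-deployment run: reload_missing "$ES_HOST" roles/metron_elasticsearch_templates/files/es_templates. Indexes created while the templates were missing still have to be deleted as in step (4).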