Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/158
@dlyle65535 and I spent some time debugging. The
`unsupported_operation_exception` coming from Kibana seems to be caused by the
index templates not being loaded. The Kibana dashboard expects certain fields
to be of certain types. Without the index templates, Elasticsearch likely
chose a different type which caused the dashboard to blow up.
Now we need to figure out why Ansible did not create the index templates.
Digging through my logs, Ansible reported this when attempting to create the
index templates. This makes it seems like the templates exist, but clearly
they were not created.
```
TASK [metron_elasticsearch_templates : Add Elasticsearch templates for
topologies] ***
ok: [ec2-52-40-17-98.us-west-2.compute.amazonaws.com] =>
(item=/Users/nallen/Development/incubator-metron/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/bro_index.template)
ok: [ec2-52-40-17-98.us-west-2.compute.amazonaws.com] =>
(item=/Users/nallen/Development/incubator-metron/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/snort_index.template)
ok: [ec2-52-40-17-98.us-west-2.compute.amazonaws.com] =>
(item=/Users/nallen/Development/incubator-metron/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template)
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
