Thanks James, now I can self-assign. I will close 507 and work on 508 soon. Thanks,
Jon On Tue, Oct 18, 2016 at 3:15 PM James Sirota <[email protected]> wrote: > Try now > > > > > On 10/18/16, 12:12 PM, "Jon Zeolla (JIRA)" <[email protected]> wrote: > > > > > [ > https://issues.apache.org/jira/browse/METRON-507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15586376#comment-15586376 > ] > > > >Jon Zeolla edited comment on METRON-507 at 10/18/16 7:12 PM: > >------------------------------------------------------------- > > > >You [beat me]( > https://github.com/JonZeolla/incubator-metron/commit/956169c3da99a1379761e82f810f55fd5f16d915) > to the PR. I'm still not sure how to assign issues (i.e. this, METRON-508, > etc.) to myself... > > > > > >was (Author: [email protected]): > >You [beat me]( > https://github.com/JonZeolla/incubator-metron/commit/956169c3da99a1379761e82f810f55fd5f16d915) > to the PR. I was trying to figure out how to assign this and METRON-508 to > myself... > > > >> Elasticsearch is incorrectly indexing the Bro DNS "answers" field > >> ----------------------------------------------------------------- > >> > >> Key: METRON-507 > >> URL: https://issues.apache.org/jira/browse/METRON-507 > >> Project: Metron > >> Issue Type: Bug > >> Reporter: Jon Zeolla > >> Fix For: 0.2.2BETA > >> > >> Original Estimate: 10m > >> Remaining Estimate: 10m > >> > >> Currently the template provided to Elasticsearch for bro logs is > assuming that it will get an ip address in the answers field of a Bro DNS > log, however that is not always true. Depending on the type of record > being received, the contents could vary between IPs, domain names, or > character strings. Various RFCs outline this, however a good starting > point is RFC 1035 section 3.3. > >> Example error: > >> [1]: index [bro_index_2016.10.18.12], type [bro_doc], id [xyz-abc], > message [MapperParsingException[failed to parse [answers]]; nested: > IllegalArgumentException[failed to parse ip [something.example.com], not > a valid ip address];] > > > > > > > >-- > >This message was sent by Atlassian JIRA > >(v6.3.4#6332) > > > -- Jon
