Hi,
I installed Graylog_Content_Pack_WinDNS from the marketplace. I get the
following error when it tries the grok pattern. It looks like it breaks at
ThreadID. Has anyone had this issue before?
[2015-09-30 11:07:38,089][DEBUG][action.bulk ] [Devil Hunter
Gabriel] [graylog_62][3] failed to execute bulk item (index) index
{[graylog_deflector][message][21f8b7f8-679e-11e5-9152-005056a62fed],
source[{"InternalID":"000000709FBB6020","SndRcv":"Rcv","Opcode":"Q","Time":"9/30/2015
11:07:32
AM","source":"abcdserver","gl2_source_input":"560c21f7e4b08e2b80160070","Name":"(3)123(2)31(3)168(3)192(7)in-addr(4)arpa(0)","gl2_source_node":"56a15ba1-4d9e-4a09-a8d5-f49c65a424b2","Protocol":"UDP","timestamp":"2015-09-30
18:07:37.000","Context":"PACKET","SourceModuleType":"im_file","level":6,"IP":"192.100.110.11","streams":[],"message":"9/30/2015
11:07:32 AM 0AD0 PACKET 000000709FBB6020 UDP Rcv
10.1","version":"1.1","EventReceivedTime":"2015-09-30
11:07:37","FlagsHex":"0001","SourceModuleName":"dns","Response":"NOERROR","XID":"a603","FlagsChar":"D","full_message":"9/30/2015
11:07:32 AM 0AD0 PACKET 000000709FBB6020 UDP Rcv 192.100.110.11 a603
Q [0001 D NOERROR] PTR
(3)123(2)31(3)168(3)192(7)in-addr(4)arpa(0)","ThreadID":"0AD0","QType":"PTR","_id":"21f8b7f8-679e-11e5-9152-005056a62fed"}]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [ThreadID]
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:411)
at org.elasticsearch.index.mapper.object.ObjectMapper.serializeValue(ObjectMapper.java:706)
at org.elasticsearch.index.mapper.object.ObjectMapper.parse(ObjectMapper.java:497)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:544)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:493)
at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:493)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardIndexOperation(TransportShardBulkAction.java:409)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:148)
at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$PrimaryPhase.performOnPrimary(TransportShardReplicationOperationAction.java:574)
at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$PrimaryPhase$1.doRun(TransportShardReplicationOperationAction.java:440)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:36)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NumberFormatException: For input string: "0AD0"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:589)
at java.lang.Long.parseLong(Long.java:631)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.longValue(AbstractXContentParser.java:145)
at org.elasticsearch.index.mapper.core.LongFieldMapper.innerParseCreateField(LongFieldMapper.java:288)
at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:239)
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:401)
... 13 more
Thank you for all your help.