[ 
https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15340450#comment-15340450
 ] 

Nick Allen commented on METRON-243:
-----------------------------------

The dashboard expects certain data types for the Snort, Bro, and YAF indices.  
If the indices were created WITHOUT the index template definitions, the 
dashboard will throw this error.

It seems that in some cases, the index templates that appear to be properly 
installed during deployment are later dropped when Elasticsearch is restarted 
by Monit.  This is the root cause of the error.  Need to understand why the 
index templates are missing.

Follow these steps to work around the problem.

(1) Define which Elasticsearch host to interact with. Any Elasticsearch host 
should work.

export ES_HOST="http://ec2-52-25-237-20.us-west-2.compute.amazonaws.com:9200";

(2) Confirm the index templates are in fact missing.

curl -s -XGET $ES_HOST/_template

(3) Manually load the index templates.

cd metron-deployment
curl -s -XPOST $ES_HOST/_template/bro_index -d @roles/metron_elasticsearch_templates/files/es_templates/bro_index.template
curl -s -XPOST $ES_HOST/_template/snort_index -d @roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
curl -s -XPOST $ES_HOST/_template/yaf_index -d @roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template

(4) Delete the existing indexes. Only a new index will use the templates 
defined in the previous step.

curl -s -XDELETE "$ES_HOST/yaf_index*"
curl -s -XDELETE "$ES_HOST/bro_index*"
curl -s -XDELETE "$ES_HOST/snort_index*"

(5) Open up Kibana and wait for the new indexes to be created. The dashboard 
should now work.

> Kibana Error - [unsupported_operation_exception] custom format isn't supported
> ------------------------------------------------------------------------------
>
>                 Key: METRON-243
>                 URL: https://issues.apache.org/jira/browse/METRON-243
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>
> When using Metron's default dashboard in Kibana 4, the following error 
> message is sometimes shown at the top of the page.
> Error: [unsupported_operation_exception] custom format isn't supported



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
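
Steps (2) and (3) of the workaround above can be turned into a repeatable check that reports which of the three templates Elasticsearch has lost and reloads only those. This is an added example, not code from the Metron project or from the comment's author; the function names and the `--restore` switch are hypothetical, and it assumes `ES_HOST` is set as in step (1) and that it is run from the `metron-deployment` directory.

```shell
#!/bin/sh
# Added example (not Metron project code): detect and reload dropped index templates.
# Assumes ES_HOST is exported as in step (1) and the cwd is metron-deployment.

TEMPLATE_DIR="roles/metron_elasticsearch_templates/files/es_templates"
TEMPLATES="bro_index snort_index yaf_index"

# Print the HTTP status of GET /_template/<name>: 200 if present, 404 if missing.
template_status() {
    curl -s -o /dev/null -w '%{http_code}' "$ES_HOST/_template/$1"
}

# Print the name of every expected template that Elasticsearch does not have.
# Any status other than 200/404 (e.g. 000 when the host is unreachable) is an
# error, so an outage is never mistaken for "all templates present".
missing_templates() {
    for name in $TEMPLATES; do
        status=$(template_status "$name")
        case "$status" in
            200) ;;
            404) echo "$name" ;;
            *)   echo "unexpected HTTP status '$status' for $name" >&2
                 return 2 ;;
        esac
    done
}

# Reload each missing template from the deployment files, as in step (3).
# Existing indices are left alone; deleting them (step 4) stays a manual decision.
restore_templates() {
    missing=$(missing_templates) || return 2
    for name in $missing; do
        file="$TEMPLATE_DIR/$name.template"
        [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
        curl -s -f -XPOST "$ES_HOST/_template/$name" -d "@$file" >/dev/null || return 1
        echo "reloaded $name"
    done
}

# Runs only when invoked with the (hypothetical) --restore switch.
if [ "${1:-}" = "--restore" ]; then
    restore_templates
fi
```

Running `missing_templates` on a schedule after Elasticsearch restarts gives an early signal that the templates were dropped, before new indices are created with the wrong field types.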
