[
https://issues.apache.org/jira/browse/METRON-196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15952942#comment-15952942
]
ASF GitHub Bot commented on METRON-196:
---------------------------------------
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/499
Ok I've spun this up a few different ways now and I'm consistently seeing
no indexes being created in ES, but I am successfully getting what appears to
be valid snort and bro logs to the indexing topic.
```
[vagrant@node1 /]$ curl -XGET 'localhost:9200/_cat/indices?v&pretty'
health status index pri rep docs.count docs.deleted store.size
pri.store.size
green open .kibana 1 0 52 0 57.6kb
57.6kb
```
Storm UI is showing no activity in the indexing bolts/spout.
<img width="1668" alt="screen shot 2017-04-02 at 10 25 40 pm"
src="https://cloud.githubusercontent.com/assets/1385510/24593618/55f7ced6-17f3-11e7-93ac-0e722bb5da26.png";>
The worker.log for indexing shows
```
2017-04-03 02:15:29.420 STDERR [INFO] Error: Could not find or load main
class ${topology.worker.childopts}
```
I'm not 100% sure why this is happening but my initial thought is to take a
closer look at aef84636a3427da20b1d54acfe1b8de23e2aaf97.
> Deployment Fails Without Ansible 2.0.0.2
> ----------------------------------------
>
> Key: METRON-196
> URL: https://issues.apache.org/jira/browse/METRON-196
> Project: Metron
> Issue Type: Improvement
> Reporter: Nick Allen
> Priority: Minor
> Labels: 0.2.2BETA
>
> The following error occurs when deploying Metron with versions other than
> 2.0.0.2; particularly version 2.0.1. The current work around is to ask users
> to downgrade Ansible version per
> https://cwiki.apache.org/confluence/display/METRON/Downgrade+Ansible.
> ASK [elasticsearch : Add Elasticsearch templates for topologies]
> **************
> failed: [node1] (item={u'sensor': u'bro', u'file': {'mappings': {'bro_doc':
> {'_timestamp': {'enabled': True}, 'properties':
> {'enrichments:geo:ip_dst_addr:location_point': {'type': 'geo_point'},
> 'timestamp': {'type': 'date', 'format': 'epoch_millis'}}}}, 'template':
> 'bro_index*'}}) => {"content": "", "content_length": "450", "content_type":
> "application/json; charset=UTF-8", "failed": true, "item": {"file":
> {"mappings": {"bro_doc": {"_timestamp": {"enabled": true}, "properties":
> {"enrichments:geo:ip_dst_addr:location_point": {"type": "geo_point"},
> "timestamp": {"format": "epoch_millis", "type": "date"}}}}, "template":
> "bro_index*"}, "sensor": "bro"}, "msg": "Status code was not [200]: HTTP
> Error 400: Bad Request", "redirected": false, "status": 400, "url":
> "http://node1:9200/_template/template_bro"}
> failed: [node1] (item={u'sensor': u'yaf', u'file': {'mappings': {'yaf_doc':
> {'_timestamp': {'enabled': True}, 'properties': {'uflags': {'type':
> 'string'}, 'pkt': {'type': 'string'}, 'app': {'type': 'string'}, 'rtt':
> {'type': 'string'}, 'tag': {'type': 'string'}, 'duration': {'type':
> 'string'}, 'riflags': {'type': 'string'}, 'sip': {'type': 'string'}, 'proto':
> {'type': 'string'}, 'rtag': {'type': 'string'}, 'oct': {'type': 'string'},
> 'risn': {'type': 'string'}, 'end-time': {'type': 'string'}, 'end-reason':
> {'type': 'string'}, 'timestamp': {'type': 'date', 'format': 'epoch_millis'},
> 'dp': {'type': 'string'}, 'enrichments:geo:ip_dst_addr:location_point':
> {'type': 'geo_point'}, 'roct': {'type': 'string'}, 'sp': {'type': 'string'},
> 'iflags': {'type': 'string'}, 'isn': {'type': 'string'}, 'ruflags': {'type':
> 'string'}, 'rpkt': {'type': 'string'}, 'dip': {'type': 'string'}}}},
> 'template': 'yaf_index*'}}) => {"content": "", "content_length": "450",
> "content_type": "application/json; charset=UTF-8", "failed": true, "item":
> {"file": {"mappings": {"yaf_doc": {"_timestamp": {"enabled": true},
> "properties": {"app": {"type": "string"}, "dip": {"type": "string"}, "dp":
> {"type": "string"}, "duration": {"type": "string"}, "end-reason": {"type":
> "string"}, "end-time": {"type": "string"},
> "enrichments:geo:ip_dst_addr:location_point": {"type": "geo_point"},
> "iflags": {"type": "string"}, "isn": {"type": "string"}, "oct": {"type":
> "string"}, "pkt": {"type": "string"}, "proto": {"type": "string"}, "riflags":
> {"type": "string"}, "risn": {"type": "string"}, "roct": {"type": "string"},
> "rpkt": {"type": "string"}, "rtag": {"type": "string"}, "rtt": {"type":
> "string"}, "ruflags": {"type": "string"}, "sip": {"type": "string"}, "sp":
> {"type": "string"}, "tag": {"type": "string"}, "timestamp": {"format":
> "epoch_millis", "type": "date"}, "uflags": {"type": "string"}}}}, "template":
> "yaf_index*"}, "sensor": "yaf"}, "msg": "Status code was not [200]: HTTP
> Error 400: Bad Request", "redirected": false, "status": 400, "url":
> "http://node1:9200/_template/template_yaf"}
> failed: [node1] (item={u'sensor': u'snort', u'file': {'mappings':
> {'snort_doc': {'_timestamp': {'enabled': True}, 'properties':
> {'enrichments:geo:ip_dst_addr:location_point': {'type': 'geo_point'},
> 'timestamp': {'type': 'date', 'format': 'epoch_millis'}}}}, 'template':
> 'snort_index*'}}) => {"content": "", "content_length": "450", "content_type":
> "application/json; charset=UTF-8", "failed": true, "item": {"file":
> {"mappings": {"snort_doc": {"_timestamp": {"enabled": true}, "properties":
> {"enrichments:geo:ip_dst_addr:location_point": {"type": "geo_point"},
> "timestamp": {"format": "epoch_millis", "type": "date"}}}}, "template":
> "snort_index*"}, "sensor": "snort"}, "msg": "Status code was not [200]: HTTP
> Error 400: Bad Request", "redirected": false, "status": 400, "url":
> "http://node1:9200/_template/template_snort"}
> to retry, use: --limit @../../playbooks/metron_full_install.retry
> PLAY RECAP
> *********************************************************************
> node1 : ok=70 changed=4 unreachable=0 failed=1
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
![https://cloud.githubusercontent.com/assets/1385510/24593618/55f7ced6-17f3-11e7-93ac-0e722bb5da26.png"](https://cloud.githubusercontent.com/assets/1385510/24593618/55f7ced6-17f3-11e7-93ac-0e722bb5da26.png"){kind=link}