hi James, yes this was worked before until yesterday i update the snort index template. but now i have change back the snort index template but it still error like that. i also try to delete all the message from the kafka topic and send them back again but it still doesn't worked. there are no one error message in storm or my ES. the error message is only in my Kibana dashboard like what i sent on my previous email.
the fields that missing are only all enrichments:geo:ip_src_addr:* . all the geo-enriched for ip src addr On Thu, Apr 6, 2017 at 9:11 PM James Sirota <jsir...@apache.org> wrote: Sounds like it's having a problem with your enrichments field. Has this ever worked before? Are there any errors/warnings in ES logs? Are there any errors/warnings in the Storm logs? Also, if you attach the kafka command line consumer to the indexing topic do you see properly geo-enriched messages there? 06.04.2017, 05:30, "Youzha" <yuza.ras...@gmail.com>: hi, i have a problem with my enrichments dashboard. why the index pattern field for enrichment on my ES is missing suddenly? i don't know why suddenly i got this error message on my enrichment dashboard i have check the index pattern on my ES and yes the fields gone. anyone knows and can help me for this? need your advise pls ------------------- Thank you, James Sirota PPMC- Apache Metron (Incubating) jsirota AT apache DOT org
