You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, Wazuh comminity!
I tried to send wazuh archives messages to Elasticsearch using this way: wazuh-agent-->wazuh-manager-->filebeat-->logstash-->NiFi-->Apache Metron-->Elasticsearch and got errors with full_log field:
ElasticsearchException[Elasticsearch
exception [type=mapper_parsing_exception, reason=failed to parse field
[full_log] of type [text] in document with id 'RXdFsXkBpCOV35lqkY0U'.Preview of field's value:'here message...'
Caused by: ElasticsearchException[Elasticsearch exception [type=illegal_state_exception, reason=Can't get text on a START_OBJECT at 1:1597]
I seen this errors was connected with alerts in 2019 #3513. But now I have them while I try index archives. Is exist some ways to evade this issue?
The text was updated successfully, but these errors were encountered:
Wazuh 4.1.2, I believe
Hi, Wazuh comminity!
I tried to send wazuh archives messages to Elasticsearch using this way: wazuh-agent-->wazuh-manager-->filebeat-->logstash-->NiFi-->Apache Metron-->Elasticsearch and got errors with full_log field:
I seen this errors was connected with alerts in 2019 #3513. But now I have them while I try index archives. Is exist some ways to evade this issue?
The text was updated successfully, but these errors were encountered: