Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL

Question

Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL

MyCodeRocks opened this issue 4 years ago · 4 comments

Hi there,
Environment: Version: 6.8.9, Build: default/rpm/be2c7bf/2020-05-04T17:00:34.323820Z, JVM: 1.8.0_252

Have synesis_lite_snort working perfectly, now trying to get synesis_lite_suricata working. There is a constant error:
Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL http://127.0.0.1:9200

Even though I can curl to that url and navigate the elasticsearch. It wont load the template for synesis_lite_suricata. I have checked the path to the template in 30_ config output file and it is correct. So it seems to be something in the template that it wont allow it to install.

@robcowart any ideas?

Answer 1 · 2020-06-03T19:20:35.000Z

Tried to load the template manually:
curl -XPUT -H 'Content-Type: application/json' http://x.x.x.x:9200/_template/suricatatest -d@synlite_suricata.template.json
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Malformed [mappings] section for type [numeric_detection], should include an inner object describing the mapping"}],"type":"illegal_argument_exception","reason":"Malformed [mappings] section for type [numeric_detection], should include an inner object describing the mapping"},"status":400}

Answer 2 · 2020-06-03T19:26:39.000Z

Which release are you using. For ElasticStack 6.x you need 1.0.1. The 1.1.x releases are for Elastic Stack 7.x.

Answer 3 · 2020-06-03T20:34:15.000Z

I am using 6.x - thank you for the response @robcowart
Second question relating to this, is there a kibana 6.x version of the dashboards to import?

Answer 4 · 2020-06-03T20:42:14.000Z

i am being dumb - found it thank you for the clarification