metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JonZeolla <>
Subject [GitHub] incubator-metron pull request #326: Update the bro_index elasticsearch templ...
Date Wed, 26 Oct 2016 03:12:14 GMT
GitHub user JonZeolla opened a pull request:

    Update the bro_index elasticsearch template to index *_body_len properly

    ## Problem
    The bro *_body_len fields in [HTTP::Info](
can exceed the range of an int, and so writing to ElasticSearch fails with the following exception:
    MapperParsingException[failed to parse [response_body_len]]; nested: JsonParseException[Numeric
value (9876543210) out of range of int
    ## Solution
    I updated the bro_index elasticsearch template to use a datatype of `long` for {request,response}_body_len,
as opposed to an `integer`.  

You can merge this pull request into a Git repository by running:

    $ git pull master

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #326
commit d8efbf7af37a0a03131c7baaed74f197abc4f1de
Author: Jon Zeolla <>
Date:   2016-10-24T13:29:21Z

    Update the bro_index elasticsearch template to use a datatype of long for {request,response}_body_len


If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.

View raw message