Errors in Logstash.log #2753
Security Onion 2.3.21

They just started occurring. Seems like the Suricata parser is not matching the type [suricata.]

[2021-01-27T14:27:39,565][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>1}

Any ideas why or how to fix?

Steve
Replies: 2 comments 1 reply
What kind of install are you running? Standalone/Distributed? Are you using any custom parsing or log sources? Are you using Suricata for network metadata, or just alerts? I would expect that the dataset portion, the name that comes after the ".", would be defined, but that does not seem to be the case.

@weslambert can you pls look at this thread also, it looks like you have seen this issue before. I'm also getting "non-existent pipeline [suricata.]" on SO 2.4.50. I am using Suricata as the metadata engine.