Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in Discover in Opensearch's integration #448

Closed
mcasas993 opened this issue Oct 9, 2024 · 3 comments · Fixed by #458
Closed

Error in Discover in Opensearch's integration #448

mcasas993 opened this issue Oct 9, 2024 · 3 comments · Fixed by #458
Assignees
@QU3B1M
Labels
level/task Task issue request/operational Operational requests type/maintenance Maintenance issue

Comments

@mcasas993
Copy link
Member

Description

When we tested the integrations, we found an error in Discover section of Opensearch. The Discover doesn't show anything and expose this message:

illegal_argument_exception
Field [data.osquery.calendarTime] of type [keyword] does not support custom formats
Error: Bad Request
    at fetch_Fetch.fetchResponse (https://localhost:5602/7969/bundles/core/core.entry.js:15:392113)
    at async interceptResponse (https://localhost:5602/7969/bundles/core/core.entry.js:15:386867)
    at async https://localhost:5602/7969/bundles/core/core.entry.js:15:389834
@mcasas993 mcasas993 added level/task Task issue request/operational Operational requests type/maintenance Maintenance issue labels Oct 9, 2024
@mcasas993 mcasas993 changed the title Opensearch integration - Problems with Discover Solve problems with Discover in Opensearch integration Oct 9, 2024
@AlexRuiz7 AlexRuiz7 changed the title Solve problems with Discover in Opensearch integration Error in Discover in Opensearch's integration Oct 10, 2024
@QU3B1M QU3B1M self-assigned this Oct 10, 2024
@QU3B1M
Copy link
Member

QU3B1M commented Oct 11, 2024

Update report

For what I see on the wazuh-dashboard-plugins code, the field calendarTime is expected to be a string, I suspect that (being optimistic) the error could be that the time is being expressed with an Integer.

Currently working on reproducing the error correctly analyze the root cause and the possible fix.

@QU3B1M QU3B1M mentioned this issue Oct 14, 2024
Merged
3 tasks
@QU3B1M
Copy link
Member

QU3B1M commented Oct 14, 2024

The field's type value defined on the file integrations/opensearch/dashboards.ndjson that is used on the OpenSearch integration is incorrect causing the reported error to appear when the Discover module is accessed.

While fixing the type of the field data.osquery.calendarTime I've found that the field's type for data.virustotal.scan_date is also incorrect, now both are fixed.

@QU3B1M QU3B1M linked a pull request Oct 14, 2024 that will close this issue
Fix OpenSearch integration fields type error #458
Merged
3 tasks
@AlexRuiz7
Copy link
Member

We'll plan a new release of the OpenSearch integration dashboards.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@QU3B1M QU3B1M

Labels
level/task Task issue request/operational Operational requests type/maintenance Maintenance issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix OpenSearch integration fields type error wazuh/wazuh-indexer
3 participants
@AlexRuiz7 @mcasas993 @QU3B1M