[BUG] Mapper not found: [linux] #432
Comments
will look into it.
thanks for creating the issue. created a pr to fix it.
Hi @sbcd90 "version": {
this is the same problem as described weeks ago via #320
Hi @dsek
yeah ... i've no idea ... maybe somebody of the security-analytics team may take care of it. // sarcasm:on
hi @paasi6666 , @dsek , @Aloush-ha , i'm extremely sorry if this issue caused any inconveniences to you. This issue will be fixed in
sounds good! 👍
thank you @sbcd90
Thanks @sbcd90
Fix is available in 2.8 release
Hi @sbcd90 As you can see, in System logs there is an audit field, and some fields that are not compatible with Linux syslog. Should I open another issue for that? Thank you
Hi @Aloush-ha I think you should open a new issue since this one is closed.
What is the bug?
When defining a new detector and selecting the "System Logs" type, the "Configure field mapping" section is empty.
How can one reproduce the bug?
Steps to reproduce the behavior:
{"ok":false,"error":"[illegal_argument_exception] Mapper not found: [linux]"}
What is the expected behavior?
Like the other types (Azure logs for example):
Also, when following the link:
{"ok":true,"response":{"properties":{},"unmapped_index_fields":
What is your host/environment?