Closed Bug 1375245 Opened 7 years ago Closed 6 years ago

MozDef data producers producing inconsistently typed data in details.future and details.current

Categories

(Enterprise Information Security Graveyard :: MozDef, task)

Product:
Enterprise Information Security Graveyard
Component:
MozDef
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gene, Assigned: phrozyn)

Details

It appears that there is/are data producer(s) which are putting events into mozdef with a field and differently typed data for that field.

The two fields that show this in the events-weekly index, implying that within the last week, conflicting typed data like this has been put into mozdef, are :

details.current
details.future

I'd recommend
* Determining the producers causing this and if it is multiple producers colliding with the same field name, have it changed, or if one producer producing differently typed data, have it fixed
* Setup a monitor to detect when producers publish inconsistently typed data into mozdef

You can see these fields by going to kibana

Settings... Indices...events-weekly
Sort by Indexed
Look for fields of type "conflict"
Do you have a link to an example event?

We encountered this before, but the field is not valuable to us, so I didn't fix it.
It would require reindexing of data to do so.
Flags: needinfo?(gene)
Assignee: nobody → asmith
Status: NEW → ASSIGNED
> Do you have a link to an example event?

No, I just encountered the report of this condition in kibana. Steps to reproduce are in Comment 0
Flags: needinfo?(gene)
yeah, I  understand.

https://bugzilla.mozilla.org/show_bug.cgi?id=1333906

Is the original bug regarding this
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Out of curiosity, what was the resolution of this?
Product: Enterprise Information Security → Enterprise Information Security Graveyard
You need to log in before you can comment on or make changes to this bug.