Closed
Bug 1375245
Opened 7 years ago
Closed 6 years ago
MozDef data producers producing inconsistently typed data in details.future and details.current
Categories
(Enterprise Information Security Graveyard :: MozDef, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gene, Assigned: phrozyn)
Details
It appears that there is/are data producer(s) which are putting events into mozdef with a field and differently typed data for that field. The two fields that show this in the events-weekly index, implying that within the last week, conflicting typed data like this has been put into mozdef, are : details.current details.future I'd recommend * Determining the producers causing this and if it is multiple producers colliding with the same field name, have it changed, or if one producer producing differently typed data, have it fixed * Setup a monitor to detect when producers publish inconsistently typed data into mozdef You can see these fields by going to kibana Settings... Indices...events-weekly Sort by Indexed Look for fields of type "conflict"
Assignee | ||
Comment 1•7 years ago
|
||
Do you have a link to an example event? We encountered this before, but the field is not valuable to us, so I didn't fix it. It would require reindexing of data to do so.
Flags: needinfo?(gene)
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → asmith
Updated•7 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•7 years ago
|
||
> Do you have a link to an example event? No, I just encountered the report of this condition in kibana. Steps to reproduce are in Comment 0
Flags: needinfo?(gene)
Assignee | ||
Comment 3•7 years ago
|
||
yeah, I understand. https://bugzilla.mozilla.org/show_bug.cgi?id=1333906 Is the original bug regarding this
Assignee | ||
Updated•6 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 4•6 years ago
|
||
Out of curiosity, what was the resolution of this?
Updated•4 years ago
|
Product: Enterprise Information Security → Enterprise Information Security Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•