Python script for greynoise throws error
MarcOverIP opened this issue
Daemon.log throws the following error when using a correct greynoise API key in config.json.
In the ES data I see no greynoise data whatsoever. I do see the enrich_greynoise tag on each record in redirtraffic-*.
2021-09-18 11:14:06,088 - ERROR - enrich_greynoise - module.py - run -- RequestError(400, 'x_content_parse_exception', '[1:212] [bool] failed to parse field [filter]')
Traceback (most recent call last):
File "/usr/share/redelk/bin/modules/enrich_greynoise/module.py", line 45, in run
hits = self.enrich_greynoise()
File "/usr/share/redelk/bin/modules/enrich_greynoise/module.py", line 100, in enrich_greynoise
last_es_data = self.get_last_es_data(ip)
File "/usr/share/redelk/bin/modules/enrich_greynoise/module.py", line 204, in get_last_es_data
es_results = raw_search(es_query, index='redirtraffic-*')
File "/usr/share/redelk/bin/modules/helpers.py", line 68, in raw_search
es_result = es.search(index=index, body=query, size=size)
File "/usr/local/lib/python3.6/dist-packages/elasticsearch/client/utils.py", line 152, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/elasticsearch/client/__init__.py", line 1663, in search
body=body,
File "/usr/local/lib/python3.6/dist-packages/elasticsearch/transport.py", line 392, in perform_request
raise e
File "/usr/local/lib/python3.6/dist-packages/elasticsearch/transport.py", line 365, in perform_request
timeout=timeout,
File "/usr/local/lib/python3.6/dist-packages/elasticsearch/connection/http_urllib3.py", line 269, in perform_request
self._raise_error(response.status, raw_data)
File "/usr/local/lib/python3.6/dist-packages/elasticsearch/connection/base.py", line 313, in _raise_error
status_code, error_message, additional_info
elasticsearch.exceptions.RequestError: RequestError(400, 'x_content_parse_exception', '[1:212] [bool] failed to parse field [filter]')