parameter [_type] #6

Open
joseraeiro opened this issue Sep 28, 2022 · 2 comments
@joseraeiro

Hello, I'm trying to use your script to import a Security.evtx file into Elasticsearch 8.4.2 but I'm getting the following error while trying to do so:

elasticsearch.BadRequestError: BadRequestError(400, 'illegal_argument_exception', 'Action/metadata line [1] contains an unknown parameter [_type]')
None
Failed to bulk data to Elasticsearch

How can I solve this?

Thank you in advance.

Author

joseraeiro commented Sep 28, 2022

Was able to comment out the line containing "_type": elk_index, in the ~/.local/lib/python3.10/site-packages/evtxtoelk/__init__.py file and it now appears to be working.

Also, before that, to make it work I had to set this in elasticsearch.yml

xpack.security.enabled: false

and then restart elasticsearch.

Owner

dgunter commented Oct 3, 2022

Yeah we need to push this change for the ELK 8 changes. I'll push this change this week and get pip updated.

@dgunter dgunter self-assigned this Oct 3, 2022
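
An added example, not part of the thread and not evtxtoelk's own code: a sketch of dropping the removed `_type` key from bulk actions before they reach Elasticsearch 8, without editing the installed package. The sample action, the `hostlogs` index name and the function names are constructed for illustration; the optional `send()` assumes elasticsearch-py 8.x and authenticates with an API key over TLS, so it also works against a cluster that has `xpack.security.enabled: true`.

```python
import json
from typing import Any, Dict, Iterable

BULK_OPS = ("index", "create", "update", "delete")

# Constructed sample in the pre-8 style that triggers the 400 error above.
SAMPLE_ACTION = {
    "_index": "hostlogs",
    "_type": "hostlogs",
    "_source": {"EventID": 4624, "Computer": "ws01"},
}

def strip_type(action: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of a bulk action without `_type` (input is not mutated)."""
    clean = {k: v for k, v in action.items() if k != "_type"}
    # Raw action/metadata form: {"index": {"_index": ..., "_type": ...}}
    if len(clean) == 1:
        op, meta = next(iter(clean.items()))
        if op in BULK_OPS and isinstance(meta, dict):
            clean[op] = {k: v for k, v in meta.items() if k != "_type"}
    return clean

def to_ndjson(actions: Iterable[Dict[str, Any]]) -> str:
    """Render flat helper-style actions as the NDJSON body sent to _bulk."""
    lines = []
    for action in actions:
        meta = strip_type(action)
        source = meta.pop("_source", {})
        op = meta.pop("_op_type", "index")
        lines.append(json.dumps({op: meta}, sort_keys=True))  # metadata line
        lines.append(json.dumps(source, sort_keys=True))      # document line
    return "\n".join(lines) + "\n"

def send(actions, url: str, api_key: str, ca_certs: str):
    """Bulk-index the cleaned actions (assumes elasticsearch-py 8.x)."""
    from elasticsearch import Elasticsearch, helpers
    client = Elasticsearch(url, api_key=api_key, ca_certs=ca_certs)
    return helpers.bulk(client, (strip_type(a) for a in actions))

if __name__ == "__main__":
    print(to_ndjson([SAMPLE_ACTION]), end="")
```
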