Logstash error on 2.3.170 #9087
Replies: 1 comment 3 replies
-
|
Please provide more information. Is this coming from a Windows machine? If so, how are the logs getting from that Windows machine to your Security Onion deployment? |
Beta Was this translation helpful? Give feedback.
-
|
Using winlogbeat from the SO download page to forward windows event (winlogbeat output to logstash) |
Beta Was this translation helpful? Give feedback.
-
|
I'm not seeing this error with my Winlogbeat agents. Have you customized your Winlogbeat configuration or modified your Logstash configuration? You might want to update to Security Onion 2.3.181 and then download the new Winlogbeat agent from our Downloads page to make sure that the version matches properly. |
Beta Was this translation helpful? Give feedback.
-
|
no any custom changes in winlogbeat and logstash. I don't know how suddenly parsing broken. For some reason can't upgrade SO immediately. still trying to fix it. |
Beta Was this translation helpful? Give feedback.
-
Logstash error on 2.3.170
"reason"=>"failed to parse field [winlog.event_data.param1] of type [date] in document with id 'xxx'. Preview of field's value: 'Service stopped'", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"failed to parse date field [Service stopped] with format [strict_date_optional_time||epoch_millis]", "caused_by"=>{"type"=>"date_time_parse_exception", "reason"=>"Failed to parse with all enclosed parsersBeta Was this translation helpful? Give feedback.
All reactions