
Elastic error when update alert with a file

Open joseluratm opened this issue 5 years ago • 1 comments

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian |
| TheHive4py version | 1.5.3 |

Problem Description

Hi!! When I try to update an alert by sending a file-type observable (100KB), I get the Elasticsearch error:

document contains at least one immense term in field

If this file is uploaded at the creation of the alert, I have no problem.

Steps to Reproduce

  1. Create alert
  2. Update alert with a file observable with a large file

Complementary information

I don't know if you can refer to this: https://github.com/TheHive-Project/TheHive4py/issues/119

Thanks!!

joseluratm, Apr 30 '20 08:04

Hello @joseluratm, could you please share the code sample that generates this issue, and what field contains that immense term in field?

Do you have a better log output from TheHive (/etc/thehive/application.log)?

nadouani, May 24 '20 14:05