connectors icon indicating copy to clipboard operation
connectors copied to clipboard
verified publisher icon OpenCTI-Platform

object mapping for [labels] tried to parse field [null] as object, but found a concrete value

Open TIexplorer opened this issue 1 year ago • 1 comments

Prerequisites

  • [x] I read the Deployment and Setup section of the OpenCTI documentation as well as the Troubleshooting page and didn't find anything relevant to my problem.
  • [x] I went through old GitHub issues and couldn't find anything relevant
  • [x] I googled the issue and didn't find anything relevant

Description

Hello guys, does anyone know what is the reason and how to fix this error in the elastic connector? connector-elastic_1 | Arguments: (RequestError(400, 'document_parsing_exception', {'error': {'root_cause': [{'type': 'document_parsing_exception', 'reason': '[1:1009] object mapping for [labels] tried to parse field [null] as object, but found a concrete value'}], 'type': 'document_parsing_exception', 'reason': '[1:1009] object mapping for [labels] tried to parse field [null] as object, but found a concrete value'}, 'status': 400}), {'@timestamp': datetime.datetime(2024, 2, 3, 6, 29, 39, tzinfo=datetime.timezone.utc), 'event': {'created': '2024-02-06T09:57:37.124122Z', 'kind': 'enrichment', 'category': 'threat', 'type': 'indicator', 'dataset': 'threatintel.opencti', 'reference': ['https://www.abuseipdb.com/'], 'url': '/dashboard/observations/indicators/c57fa761-2ccf-41ac-983b-69c0e25c49b6'}, 'threatintel': {'confidence': 70, 'confidence_norm': 70, 'opencti': {'internal_id': 'c57fa761-2ccf-41ac-983b-69c0e25c49b6', 'valid_from': '2023-09-27T00:44:46.522Z', 'valid_until': '2023-10-27T00:44:46.522Z', 'original_pattern': "[ipv4-addr:value = '78.72.156.126']", 'pattern_type': 'stix', 'created_at': '2023-08-17T09:21:25.866Z', 'updated_at': '2023-08-17T09:21:25.866Z', 'revoked': True}, 'stix': {'id': 'indicator--0567b075-b4c6-52b9-8de3-bf7861d0ca36'}, 'indicator': {'type': 'ipv4-addr', 'ip': ['78.72.156.126'], 'marking': {'tlp': ['clear']}, 'description': 'Agressive IP known malicious on AbuseIPDB - countryCode: SE - abuseConfidenceScore: 100 - lastReportedAt: 2023-09-27T00:00:46+00:00', 'provider': 'AbuseIPDB'}}, 'labels': ['for_elastic']})

Environment

  1. OS (where OpenCTI server runs): { Debian 12 }
  2. OpenCTI version: 5.9.6

TIexplorer avatar Feb 06 '24 10:02 TIexplorer

UP

TIexplorer avatar Feb 08 '24 08:02 TIexplorer