Error in ListenStream loop, exit.

Open mrd7790 opened this issue 11 months ago • 4 comments

I was using the connector to transfer data from OpenCTI to Elasticsearch, but then the usage stopped for about a week and no data was transferred. It shows me the following error in the container logs.

Environment

  1. OS: Ubuntu 22
  2. OpenCTI version: OpenCTI 5.12.5
  3. OpenCTI Elastic connector: 5.12.33

Logs: {"timestamp": "2024-03-12T07:58:05.512836Z", "level": "ERROR", "name": "OpenCTI Elastic Connector", "message": "Error in ListenStream loop, exit.", "exc_info": "Traceback (most recent call last):\n File "/runtime/lib/python3.11/site-packages/pycti/connector/opencti_connector_helper.py", line 553, in run\n self.callback(msg)\n File "/runtime/lib/python3.11/site-packages/elastic/elastic.py", line 166, in _process_message\n return self.handle_create(timestamp, data)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/runtime/lib/python3.11/site-packages/elastic/elastic.py", line 133, in handle_create\n self.import_manager.import_cti_event(timestamp, data)\n File "/runtime/lib/python3.11/site-packages/elastic/import_manager.py", line 252, in import_cti_event\n entity = self.helper.api.indicator.read(\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/runtime/lib/python3.11/site-packages/pycti/entities/opencti_indicator.py", line 408, in read\n result = self.opencti.query(query, {"id": id})\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/runtime/lib/python3.11/site-packages/pycti/api/opencti_api_client.py", line 348, in query\n raise ValueError(\nValueError: {'name': 'Cannot query field "id" on type "LabelConnection".', 'message': 'Cannot query field "id" on type "LabelConnection".'}", "attributes": {"reason": "{'name': 'Cannot query field "id" on type "LabelConnection".', 'message': 'Cannot query field "id" on type "LabelConnection".'}"}}

docker compose:

    connector-elastic:
      image: opencti/connector-elastic:5.12.33
      environment:
        - OPENCTI_URL=http://opencti:8080
        - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
        - CONNECTOR_ID=${CONNECTOR_ELASTIC_ID}
        - CONNECTOR_LIVE_STREAM_ID=live # ID of the live stream created in the OpenCTI UI
        - CONNECTOR_LIVE_STREAM_LISTEN_DELETE=true
        - CONNECTOR_LIVE_STREAM_NO_DEPENDENCIES=true
        - "CONNECTOR_NAME=OpenCTI Elastic Connector"
        - CONNECTOR_SCOPE=elastic
        - CONNECTOR_CONFIDENCE_LEVEL=80 # From 0 (Unknown) to 100 (Fully trusted)
        - CONNECTOR_LOG_LEVEL=error
        - "CONNECTOR_ENTITY_NAME=Elastic Detection Cluster"
        - "CONNECTOR_ENTITY_DESCRIPTION=Elasticsearch detection engine cluster"
        - ELASTICSEARCH_HOSTS=http://192.168.204.122:9200
      restart: always
      depends_on:
        - opencti

mrd7790, Mar 12 '24 08:03