Json mapper_parsing_exception

tjb6 · May 7, 2020, 12:41am

We are using graylog to process data collected by our network security sensors.
The data is form Zeek, and used to be text fields separated by ‘|’ symbols, we used a pipeline from the marketplace to process all of thesee.
A recent upgrade has converted the logs to JSON. I have created a new input, made a JSON extractor for it, and checked it with the ‘Try’ button. Everything to that point works.

Running the input shows no data, the graylog server.log shows a “mapper_parsing_exception” trying to extract the first JSON field - a timestamp. It’s apparently trying to parse it as a float.

How do I fix this?

tjb6 · May 7, 2020, 2:06am

Ok, it’s fixed, following advice I found in this forum

I rotated the indexes involved, and the data type sorted itself out.
I now need to check that our complicated dashboard has correct field names now.

system · May 21, 2020, 2:06am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't extract from JSON Graylog Central (peer support) pipeline-rules	5	1987	September 7, 2020
Failing JSON Extractor Graylog Central (peer support) pipeline-rules , debuggingpl	14	5856	December 28, 2018
Graylog 2.2 MapperParsingException on Exchange Logs Graylog Central (peer support)	10	848	March 28, 2017
Mapper Parsing Exception Graylog Central (peer support)	1	984	September 13, 2019
Index Error - mapper_parse_Exception Graylog Central (peer support)	1	827	January 19, 2018

Json mapper_parsing_exception

Related topics