Closed
Description
Request Type
Bug
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Ubuntu 16.04 |
| OS version (client) | Win 10 |
| TheHive version / git hash | 2.11.2 |
| Package Type | Docker |
| Browser type & version | N/A |
Problem Description
When attempting to sort Alerts by severity, the sort fails and if you leave the alerts window and return to it, no alerts are listed.
Steps to Reproduce
- Sort alerts by severity
- Leave alerts section of theHive
- Return to alerts section (no alerts listed)
Possible Solutions
Logs indicate the error is probably due to there being no mapping in ES for the threatLevel field to sort on:
[info] application - POST /api/alert/_search?range=0-15&sort=-threatLevel returned 500
org.elasticsearch.transport.RemoteTransportException: [Sara Grey][172.18.0.3:9300][indices:data/read/search]
Caused by: org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed
at org.elasticsearch.action.search.AbstractSearchAsyncAction.onFirstPhaseResult(AbstractSearchAsyncAction.java:206)
at org.elasticsearch.action.search.AbstractSearchAsyncAction$1.onFailure(AbstractSearchAsyncAction.java:152)
at org.elasticsearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:46)
at org.elasticsearch.transport.TransportService$DirectResponseChannel.processException(TransportService.java:874)
at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:852)
at org.elasticsearch.transport.TransportService$4.onFailure(TransportService.java:389)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:39)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.elasticsearch.search.SearchParseException: No mapping found for [threatLevel] in order to sort on
at org.elasticsearch.search.sort.SortParseElement.addSortField(SortParseElement.java:213)
at org.elasticsearch.search.sort.SortParseElement.addCompoundSortField(SortParseElement.java:187)
at org.elasticsearch.search.sort.SortParseElement.parse(SortParseElement.java:85)
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:856)
at org.elasticsearch.search.SearchService.createContext(SearchService.java:667)
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:633)
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:377)
at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:368)
at org.elasticsearch.search.action.SearchServiceTransportAction$SearchQueryTransportHandler.messageReceived(SearchServiceTransportAction.java:365)
at org.elasticsearch.transport.TransportRequestHandler.messageReceived(TransportRequestHandler.java:33)