Import-index-templates.sh fails (2.2.0 fresh install)


#1

I’ve got a fresh install, and I’m having an issue loading the dashboards. The fresh install is monitoring correctly (packet count goes up after a pcap test), and I can see data in Kibana.

Loading the dashboards in /opt/rocknsm/rock-dashboards-master/ causes an error when checking versions (line 31). If I echo version and existing_version it shows a null entry and -1 respectively while parsing item es-ecs-mapping.json.

Should this have been run during the deploy script? Are there updated versions I can download for 2.2.0?

Thank you for the assistance,
-Jeff

Error:

[root@simplerockbuild elasticsearch]# pwd
/opt/rocknsm/rock-dashboards-master/configuration/elasticsearch

[root@simplerockbuild elasticsearch]# ./import-index-templates.sh http://127.0.0.1:9200
jq: error: syntax error, unexpected IDENT, expecting $end (Unix shell quoting issues?) at <top-level>, line 2:
mappings
jq: 1 compile error
./import-index-templates.sh: line 31: [: : integer expression expected
OK: 4
Changed: 0
Failed: 0

Line 31:
if [ "${version}" -gt "${existing_version}" ]; then

Status:

[root@simplerockbuild elasticsearch]# sudo rockctl status
ZOOKEEPER:
   Active: active (running) since Fri 2019-01-04 19:45:56 UTC; 1h 39min agoi
KAFKA:
   Active: active (running) since Fri 2019-01-04 19:45:57 UTC; 1h 39min agoi
BRO:
   Active: active (running) since Fri 2019-01-04 19:49:38 UTC; 1h 35min agoi
SURICATA:
   Active: active (running) since Fri 2019-01-04 19:46:46 UTC; 1h 38min agoi
FILEBEAT:
   Active: active (running) since Fri 2019-01-04 19:49:45 UTC; 1h 35min agoi
ELASTICSEARCH:
   Active: active (running) since Fri 2019-01-04 19:45:59 UTC; 1h 39min agoi
LOGSTASH:
   Active: active (running) since Fri 2019-01-04 19:49:45 UTC; 1h 35min agoi
KIBANA:
   Active: active (running) since Fri 2019-01-04 19:46:14 UTC; 1h 39min agoi
STENOGRAPHER:
   Active: active (exited) since Fri 2019-01-04 19:48:40 UTC; 1h 36min agoi
STENOGRAPHER@ENS224:
   Active: active (running) since Fri 2019-01-04 19:48:40 UTC; 1h 36min agoi

Packet Count:

[radmin@simplerockbuild ~]$ curl -s localhost:9200/_all/_count | jq '.'
{
  "count": 5992,
  "_shards": {
    "total": 8,
    "successful": 8,
    "skipped": 0,
    "failed": 0
  }
}

#2

You are correct about this error, thanks for bringing this to our attention.

As a temporary fix until someone fixes the upstream GitHub repo, you can add brackets to the if statement on line 31, so that it looks like this:

if [[ "${version}" -gt "${existing_version}" ]]; then

Then re-run the rest as normal. You may get an error for one of the JQ compiles, however the script will still continue and work.
Loading Kibana saved objects and Logstash configs and restart should work too.

I just tested this on one of my installs, so please let me know if you continue to have any issues with this.

Also, feel free to reach out for anything else! Thanks for taking the time to submit this.
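
The `integer expression expected` message in post #1 appears because `[ ... -gt ... ]` is handed an empty `version`. The following is an added example, not code from the rock-dashboards repository or from the posters, that validates both values before comparing them; `is_int` and `template_action` are hypothetical names, and treating an unreadable server-side version as -1 is an assumption based on the value quoted in post #1.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of import-index-templates.sh.

# is_int VALUE: succeed only if VALUE is an optionally signed decimal integer.
is_int() {
    case "${1#-}" in
        ''|*[!0-9]*) return 1 ;;   # empty, "null", "1.5", "--1" ...
        *) return 0 ;;
    esac
}

# template_action VERSION EXISTING_VERSION
# Prints "import", "skip" or "invalid" instead of letting test(1) fail.
template_action() {
    version=$1
    existing_version=$2

    # Assumption: a template missing on the server is represented as -1.
    is_int "$existing_version" || existing_version=-1

    # An empty or non-numeric file version means the jq extraction failed;
    # report that rather than comparing garbage.
    if ! is_int "$version"; then
        echo invalid
        return 0
    fi

    if [ "$version" -gt "$existing_version" ]; then
        echo import
    else
        echo skip
    fi
}

# Constructed sample pairs, written as "file version|server version".
for pair in "3|-1" "3|3" "|-1" "null|-1"; do
    printf '%-8s -> %s\n' "$pair" \
        "$(template_action "${pair%%|*}" "${pair#*|}")"
done
```

Counting the `invalid` results separately keeps a template whose version could not be read from being reported as OK.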


#3

I believe that, despite the errors shown, the implementation/input is still successful; however, it is definitely ambiguous output, which I have opened a ticket for on the repo: