Request error in v5.4.2

[b1gcat]

After request, I got the following response. And it says request error.

I use '_asset_src_ip' and '_asset_dst_ip' as source and dest.

could you give some hints to solve the problems?

{
"xhrStatus": "complete",
"request": {
"method": "POST",
"url": "api/datasources/proxy/1/_msearch",
"data": "{"search_type":"query_then_fetch","ignore_unavailable":true,"index":["netflow-ipfix-2019.04.24"],"max_concurrent_shard_requests":256}\n{"size":10,"query":{"bool":{"filter":[{"range":{"@timestamp":{"gte":"1556073474049","lte":"1556095074049","format":"epoch_millis"}}},{"query_string":{"analyze_wildcard":true,"query":"*"}}]}},"sort":{"@timestamp":{"order":"desc","unmapped_type":"boolean"}},"script_fields":{},"docvalue_fields":["@timestamp"]}\n"
},
"response": {
"responses": [
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 26589,
"max_score": null,
"hits": [
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "uv1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "54063",
"sourceTransportPort": "443",
"sourceIPv4Address": "172.217.161.174",
"flowEndMilliseconds": "2019-04-24T08:37:27.648Z",
"sourceMacAddress": "38:ad:be:42:82:d0",
"destinationMacAddress": "00:30:68:a1:13:cd",
"version": 10,
"ingressInterface": 8,
"ethernetType": 2048,
"ipClassOfService": 32,
"tcpControlBits": 4,
"egressInterface": 11,
"flowEndReason": 3,
"octetDeltaCount": 40,
"ipNextHopIPv4Address": "0.0.0.0",
"protocolIdentifier": 6,
"destinationIPv4Address": "192.167.101.122",
"packetDeltaCount": 1,
"flowStartMilliseconds": "2019-04-24T08:37:27.648Z"
},
"_asset_dst_ip": "172.217.161.174",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"city_name": "Mountain View",
"location": {
"lon": -122.0574,
"lat": 37.419200000000004
},
"region_name": "California",
"country_name": "United States"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "IN"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "u_1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "443",
"sourceTransportPort": "54104",
"sourceIPv4Address": "192.167.101.122",
"flowEndMilliseconds": "2019-04-24T08:37:27.767Z",
"sourceMacAddress": "6c:40:08:8d:27:9e",
"destinationMacAddress": "00:30:68:a1:13:cc",
"version": 10,
"ingressInterface": 11,
"ethernetType": 2048,
"ipClassOfService": 0,
"tcpControlBits": 16,
"egressInterface": 8,
"flowEndReason": 1,
"octetDeltaCount": 40,
"ipNextHopIPv4Address": "192.168.1.1",
"protocolIdentifier": 6,
"destinationIPv4Address": "185.199.108.154",
"packetDeltaCount": 1,
"flowStartMilliseconds": "2019-04-24T08:37:27.767Z"
},
"_asset_dst_ip": "185.199.108.154",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"location": {
"lon": 4.8995,
"lat": 52.3824
},
"country_name": "Netherlands"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "OUT"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "vP1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "54104",
"sourceTransportPort": "443",
"sourceIPv4Address": "185.199.108.154",
"flowEndMilliseconds": "2019-04-24T08:37:27.878Z",
"sourceMacAddress": "38:ad:be:42:82:d0",
"destinationMacAddress": "00:30:68:a1:13:cd",
"version": 10,
"ingressInterface": 8,
"ethernetType": 2048,
"ipClassOfService": 32,
"tcpControlBits": 16,
"egressInterface": 11,
"flowEndReason": 1,
"tcpOptions": 2164260864,
"octetDeltaCount": 52,
"ipNextHopIPv4Address": "0.0.0.0",
"protocolIdentifier": 6,
"destinationIPv4Address": "192.167.101.122",
"packetDeltaCount": 1,
"flowStartMilliseconds": "2019-04-24T08:37:27.878Z"
},
"_asset_dst_ip": "185.199.108.154",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"location": {
"lon": 4.8995,
"lat": 52.3824
},
"country_name": "Netherlands"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "IN"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "vf1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "443",
"sourceTransportPort": "54141",
"sourceIPv4Address": "192.167.101.122",
"flowEndMilliseconds": "2019-04-24T08:37:29.088Z",
"sourceMacAddress": "6c:40:08:8d:27:9e",
"destinationMacAddress": "00:30:68:a1:13:cc",
"version": 10,
"ingressInterface": 11,
"ethernetType": 2048,
"ipClassOfService": 0,
"tcpControlBits": 2,
"egressInterface": 8,
"flowEndReason": 1,
"tcpOptions": 1342177281,
"octetDeltaCount": 48,
"ipNextHopIPv4Address": "192.168.1.1",
"protocolIdentifier": 6,
"destinationIPv4Address": "216.58.200.78",
"packetDeltaCount": 1,
"flowStartMilliseconds": "2019-04-24T08:37:29.088Z"
},
"_asset_dst_ip": "216.58.200.78",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"city_name": "Mountain View",
"location": {
"lon": -122.0574,
"lat": 37.419200000000004
},
"region_name": "California",
"country_name": "United States"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "OUT"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "vv1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "80",
"sourceTransportPort": "54110",
"sourceIPv4Address": "192.167.101.122",
"flowEndMilliseconds": "2019-04-24T08:37:29.798Z",
"sourceMacAddress": "6c:40:08:8d:27:9e",
"destinationMacAddress": "00:30:68:a1:13:cc",
"version": 10,
"ingressInterface": 11,
"ethernetType": 2048,
"ipClassOfService": 0,
"tcpControlBits": 16,
"egressInterface": 8,
"flowEndReason": 1,
"octetDeltaCount": 40,
"ipNextHopIPv4Address": "192.168.1.1",
"protocolIdentifier": 6,
"destinationIPv4Address": "193.146.133.11",
"packetDeltaCount": 1,
"flowStartMilliseconds": "2019-04-24T08:37:29.798Z"
},
"_asset_dst_ip": "193.146.133.11",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"location": {
"lon": -3.684,
"lat": 40.4172
},
"country_name": "Spain"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "OUT"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "v_1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "54110",
"sourceTransportPort": "80",
"sourceIPv4Address": "193.146.133.11",
"flowEndMilliseconds": "2019-04-24T08:37:30.217Z",
"sourceMacAddress": "38:ad:be:42:82:d0",
"destinationMacAddress": "00:30:68:a1:13:cd",
"version": 10,
"ingressInterface": 8,
"ethernetType": 2048,
"ipClassOfService": 32,
"tcpControlBits": 16,
"egressInterface": 11,
"flowEndReason": 1,
"octetDeltaCount": 40,
"ipNextHopIPv4Address": "0.0.0.0",
"protocolIdentifier": 6,
"destinationIPv4Address": "192.167.101.122",
"packetDeltaCount": 1,
"flowStartMilliseconds": "2019-04-24T08:37:30.217Z"
},
"_asset_dst_ip": "193.146.133.11",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"location": {
"lon": -3.684,
"lat": 40.4172
},
"country_name": "Spain"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "IN"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "wP1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "443",
"sourceTransportPort": "54147",
"sourceIPv4Address": "192.167.101.122",
"flowEndMilliseconds": "2019-04-24T08:37:32.507Z",
"sourceMacAddress": "6c:40:08:8d:27:9e",
"destinationMacAddress": "00:30:68:a1:13:cc",
"version": 10,
"ingressInterface": 11,
"ethernetType": 2048,
"ipClassOfService": 0,
"tcpControlBits": 26,
"egressInterface": 8,
"flowEndReason": 2,
"tcpOptions": 4177526785,
"octetDeltaCount": 1679,
"ipNextHopIPv4Address": "192.168.1.1",
"protocolIdentifier": 6,
"destinationIPv4Address": "35.241.23.245",
"packetDeltaCount": 18,
"flowStartMilliseconds": "2019-04-24T08:37:31.437Z"
},
"_asset_dst_ip": "35.241.23.245",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"city_name": "Mountain View",
"location": {
"lon": -122.0574,
"lat": 37.419200000000004
},
"region_name": "California",
"country_name": "United States"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "OUT"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "wf1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "54147",
"sourceTransportPort": "443",
"sourceIPv4Address": "35.241.23.245",
"flowEndMilliseconds": "2019-04-24T08:37:32.578Z",
"sourceMacAddress": "38:ad:be:42:82:d0",
"destinationMacAddress": "00:30:68:a1:13:cd",
"version": 10,
"ingressInterface": 8,
"ethernetType": 2048,
"ipClassOfService": 32,
"tcpControlBits": 26,
"egressInterface": 11,
"flowEndReason": 2,
"tcpOptions": 4043309056,
"octetDeltaCount": 7767,
"ipNextHopIPv4Address": "0.0.0.0",
"protocolIdentifier": 6,
"destinationIPv4Address": "192.167.101.122",
"packetDeltaCount": 15,
"flowStartMilliseconds": "2019-04-24T08:37:31.517Z"
},
"_asset_dst_ip": "35.241.23.245",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"city_name": "Mountain View",
"location": {
"lon": -122.0574,
"lat": 37.419200000000004
},
"region_name": "California",
"country_name": "United States"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "IN"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "wv1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "443",
"sourceTransportPort": "51278",
"sourceIPv4Address": "192.167.101.122",
"flowEndMilliseconds": "2019-04-24T08:37:37.638Z",
"sourceMacAddress": "6c:40:08:8d:27:9e",
"destinationMacAddress": "00:30:68:a1:13:cc",
"version": 10,
"ingressInterface": 11,
"ethernetType": 2048,
"ipClassOfService": 0,
"tcpControlBits": 24,
"egressInterface": 8,
"flowEndReason": 2,
"octetDeltaCount": 474,
"ipNextHopIPv4Address": "192.168.1.1",
"protocolIdentifier": 6,
"destinationIPv4Address": "180.163.21.111",
"packetDeltaCount": 4,
"flowStartMilliseconds": "2019-04-24T08:37:31.927Z"
},
"_asset_dst_ip": "180.163.21.111",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"city_name": "Shanghai",
"location": {
"lon": 121.3997,
"lat": 31.0456
},
"region_name": "Shanghai",
"country_name": "China"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "OUT"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
},
{
"_index": "netflow-ipfix-2019.04.24",
"_type": "doc",
"_id": "w_1-TmoBNS5zgp_OYyFU",
"_score": null,
"_source": {
"host": "192.168.1.6",
"netflow": {
"destinationTransportPort": "51278",
"sourceTransportPort": "443",
"sourceIPv4Address": "180.163.21.111",
"flowEndMilliseconds": "2019-04-24T08:37:37.638Z",
"sourceMacAddress": "38:ad:be:42:82:d0",
"destinationMacAddress": "00:30:68:a1:13:cd",
"version": 10,
"ingressInterface": 8,
"ethernetType": 2048,
"ipClassOfService": 32,
"tcpControlBits": 24,
"egressInterface": 11,
"flowEndReason": 2,
"octetDeltaCount": 3194,
"ipNextHopIPv4Address": "0.0.0.0",
"protocolIdentifier": 6,
"destinationIPv4Address": "192.167.101.122",
"packetDeltaCount": 4,
"flowStartMilliseconds": "2019-04-24T08:37:31.967Z"
},
"_asset_dst_ip": "180.163.21.111",
"@timestamp": "2019-04-24T08:37:46.000Z",
"_agentinfo": {
"assetname_desc": "pc167_192.167.101.122",
"lng": "120.51",
"assetclass": "pc",
"lat": "30.40",
"assetname": "pc167_192.167.101.122",
"portlist": "T:1-65535",
"ip": "192.167.101.122",
"scan": "Empty"
},
"geoip": {
"city_name": "Shanghai",
"location": {
"lon": 121.3997,
"lat": 31.0456
},
"region_name": "Shanghai",
"country_name": "China"
},
"geoip_asset": {
"city_name": "Patti",
"location": {
"lon": 14.9888,
"lat": 38.1405
},
"region_name": "Province of Messina",
"country_name": "Italy"
},
"type": "netflow-ipfix",
"_asset_src_ip": "192.167.101.122",
"_asset_data_direction": "IN"
},
"fields": {
"@timestamp": [
"2019-04-24T08:37:46.000Z"
]
},
"sort": [
1556095066000
]
}
]
},
"status": 200
}
]
}
}

[gretamosa]

Could you give me more information about these error? Grafana doesn't support nested datatypes from Elasticsearch but the variables you use are not part from it so I'm not sure if it is related.