Good Day,
Just updated to 7.10 and while examining the kibana logs I find:
{"type":"log","@timestamp":"2020-11-25T20:37:07Z","tags":["error","plugins","securitySolution","plugins","securitySolution"],"pid":22460,"message":"Bulk Indexing of signals failed: reason: "No mapping found for [@timestamp] in order to sort on" type: "query_shard_exception" name: "Virtual Machine Fingerprinting" id: "cd23d3ba-a8a3-4b1d-9fd0-8946e06b9690" rule id: "5b03c9fb-9945-4d2f-9568-fd690fee3fba" signals index: ".siem-signals-default""}
It appears to be caused by a plugin? Is that a SIEM thing perhaps?
That is from the SIEM solution's plugin detection engine. You have a rule enabled called "Virtual Machine Fingerprinting" which is using a source index to search for detections. That source index does not have a @timestamp to search against and is therefore giving you errors.
You can go to the detections page and disable the rule if you aren't using it. If you are using it and want it to run correctly you have to ensure that the source index it is looking for detections against has a @timestamp for it to operate correctly.
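The check the answer describes, written as an added example (not code from the thread, from Kibana or from Elastic): given the response shape of GET /_mapping and a rule's index patterns, it reports which matched indices have no @timestamp field, or one that is not a date, since a rule that sorts on @timestamp will hit the query_shard_exception above on exactly those indices. The index names, field layouts and the "logs-*" pattern are constructed for the example; the only Elasticsearch behaviour it relies on is that a new field can be added with PUT /<index>/_mapping while an existing field's type cannot be changed in place.

```python
import fnmatch
import json

# Constructed sample in the shape Elasticsearch returns for GET /_mapping:
# a dict keyed by index name. Index names and fields are made up for this example.
SAMPLE_MAPPINGS = json.loads("""
{
  "logs-endpoint-000001": {"mappings": {"properties": {
      "@timestamp": {"type": "date"},
      "host": {"properties": {"name": {"type": "keyword"}}}}}},
  "logs-custom-000001": {"mappings": {"properties": {
      "timestamp": {"type": "date"},
      "message": {"type": "text"}}}},
  "logs-legacy-000001": {"mappings": {"properties": {
      "@timestamp": {"type": "keyword"}}}},
  "metrics-system-000001": {"mappings": {"properties": {
      "@timestamp": {"type": "date"}}}}
}
""")

TIMESTAMP_FIELD = "@timestamp"


def timestamp_field_status(index_mapping):
    """Classify one index's 'mappings' block: 'ok' if @timestamp is a date field,
    'wrong_type' if it exists with another type, 'missing' if it is absent.
    Only 'ok' indices can be sorted on @timestamp without a query_shard_exception."""
    props = index_mapping.get("properties", {})
    field = props.get(TIMESTAMP_FIELD)
    if field is None:
        return "missing"
    if field.get("type") in ("date", "date_nanos"):
        return "ok"
    return "wrong_type"


def indices_matching(all_mappings, index_patterns):
    """Expand the rule's index patterns (e.g. 'logs-*') against the index names
    present in a GET /_mapping response, the way the rule's search would."""
    return sorted(
        name for name in all_mappings
        if any(fnmatch.fnmatchcase(name, pattern) for pattern in index_patterns)
    )


def unsortable_indices(all_mappings, index_patterns):
    """Return {index: status} for every matched index that a rule sorting on
    @timestamp would fail against, i.e. everything whose status is not 'ok'."""
    result = {}
    for name in indices_matching(all_mappings, index_patterns):
        status = timestamp_field_status(all_mappings[name]["mappings"])
        if status != "ok":
            result[name] = status
    return result


def remediation(status):
    """Suggest the fix per status. Adding a new field through PUT /<index>/_mapping
    is allowed; changing an existing field's type is not, so that case needs a reindex
    into an index whose template maps @timestamp as date."""
    if status == "missing":
        return {"action": "PUT /<index>/_mapping",
                "body": {"properties": {TIMESTAMP_FIELD: {"type": "date"}}}}
    if status == "wrong_type":
        return {"action": "reindex into a new index whose template maps @timestamp as date",
                "body": None}
    return {"action": "none", "body": None}


if __name__ == "__main__":
    # Hypothetical rule index pattern; substitute the pattern from the failing rule.
    for name, status in unsortable_indices(SAMPLE_MAPPINGS, ["logs-*"]).items():
        print(f"{name}: {status} -> {remediation(status)['action']}")
```

Run against the real cluster by replacing SAMPLE_MAPPINGS with the parsed JSON of GET /_mapping (or GET /<pattern>/_mapping) and passing the index patterns shown on the rule's detail page; any index listed in the output is one the rule will keep failing on until it is fixed or excluded from the pattern.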