[Bug]

[blainedw]

Describe the bug
Running Emerging Threats analyzer finishes successfully but the results all report Error.

To Reproduce
Pick EmergingThreat_IPinfo analyzer
Input an IP address, say 8.8.8.8
Run analyzer
Show results

Expected behavior
More than error ;)

Complementary information
Results below
{
"summary": {
"taxonomies": []
},
"full": {
"events": "Error",
"geoloc": "Error",
"samples": "Error",
"urls": "Error",
"whois": "Error",
"reputation": "Error",
"nameservers": "Error",
"ips": "Error"
},
"success": true,
"artifacts": [],
"operations": []
}
Work environment

• Client OS: Windows 7 64 bit
• Server OS: RHEL 7
• Browse type and version: IE 11 and Firefox 65.0.1
• Cortex version:
  Cortex

2.1.3-1

Elastic4Play

1.7.2

Play

2.6.20

Elastic4s

5.6.6

ElasticSearch client

5.6.9

ElasticSearch cluster

5.6.14

• Cortex Analyzer/Responder name: EmergingThreats_IPInfo
• Cortex Analyzer/Responder version: 1.0

[garanews]

Hello, just tried and in my case is working. I am on ubuntu.

[blainedw]

OK, I found that my buddy gave me a bad API key originally. So I got that straightened out. Interesting that the analyzer didn’t complain about that! Now I get this error: Report creation failure: org.elastic4play.CreateError: rejected execution of org.elasticsearch.transport.TransportService$7@2dd91ab7 on EsThreadPoolExecutor[bulk, queue capacity = 1000, org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor@70768caf[Running, pool size = 1, active threads = 1, queued tasks = 1000, completed tasks = 904]] Dave.

…

---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.

[blainedw]

Nevermind. My bad. I didn’t properly set the bulk threads parameter for elasticsearch. Works now! Dave

…

---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.