Error in ListenStream loop, exit. #1924
Description
I was using the connector to transfer data from OpenCTI to Elasticsearch, but then the usage stopped for about a week and no data was transferred, it shows me the following error in the container logs.
Environment
- OS ubuntu22
- OpenCTI version:OpenCTI 5.12.5
- OpenCTI elastic connector 5.12.33
Logs:
{"timestamp": "2024-03-12T07:58:05.512836Z", "level": "ERROR", "name": "OpenCTI Elastic Connector", "message": "Error in ListenStream loop, exit.", "exc_info": "Traceback (most recent call last):\n File "/runtime/lib/python3.11/site-packages/pycti/connector/opencti_connector_helper.py", line 553, in run\n self.callback(msg)\n File "/runtime/lib/python3.11/site-packages/elastic/elastic.py", line 166, in _process_message\n return self.handle_create(timestamp, data)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/runtime/lib/python3.11/site-packages/elastic/elastic.py", line 133, in handle_create\n self.import_manager.import_cti_event(timestamp, data)\n File "/runtime/lib/python3.11/site-packages/elastic/import_manager.py", line 252, in import_cti_event\n entity = self.helper.api.indicator.read(\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/runtime/lib/python3.11/site-packages/pycti/entities/opencti_indicator.py", line 408, in read\n result = self.opencti.query(query, {"id": id})\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File "/runtime/lib/python3.11/site-packages/pycti/api/opencti_api_client.py", line 348, in query\n raise ValueError(\nValueError: {'name': 'Cannot query field "id" on type "LabelConnection".', 'message': 'Cannot query field "id" on type "LabelConnection".'}", "attributes": {"reason": "{'name': 'Cannot query field "id" on type "LabelConnection".', 'message': 'Cannot query field "id" on type "LabelConnection".'}"}}
docker compose:
connector-elastic:
image: opencti/connector-elastic:5.12.33
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_ELASTIC_ID}
- CONNECTOR_LIVE_STREAM_ID=live # ID of the live stream created in the OpenCTI UI
- CONNECTOR_LIVE_STREAM_LISTEN_DELETE=true
- CONNECTOR_LIVE_STREAM_NO_DEPENDENCIES=true
- "CONNECTOR_NAME=OpenCTI Elastic Connector"
- CONNECTOR_SCOPE=elastic
- CONNECTOR_CONFIDENCE_LEVEL=80 # From 0 (Unknown) to 100 (Fully trusted)
- CONNECTOR_LOG_LEVEL=error
- "CONNECTOR_ENTITY_NAME=Elastic Detection Cluster"
- "CONNECTOR_ENTITY_DESCRIPTION=Elasticsearch detection engine cluster"
- ELASTICSEARCH_HOSTS=http://192.168.204.122:9200
restart: always
depends_on:
- opencti