Logs: graylog-server log indicates the root cause of the problem - it's a terms aggregation issue.
When the error appears in the UI, the following is logged:

2017-01-31_06:08:41.33295 2017-01-31 17:08:41,328 ERROR: org.graylog2.shared.rest.exceptionmappers.AnyExceptionClassMapper - Unhandled exception in REST resource
2017-01-31_06:08:41.33305 org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed
2017-01-31_06:08:41.33306 at org.elasticsearch.action.search.AbstractSearchAsyncAction.onFirstPhaseResult(AbstractSearchAsyncAction.java:206) ~[graylog.jar:?]
... at at at ...
2017-01-31_06:08:41.33339 at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101]
2017-01-31_06:08:41.33340 Caused by: org.elasticsearch.search.aggregations.AggregationExecutionException: *terms aggregation cannot be applied to field [srcip_geolocation]. It can only be applied to numeric or string fields*.
2017-01-31_06:08:41.33341 at org.elasticsearch.search.aggregations.bucket.terms.TermsAggregatorFactory.doCreateInternal(TermsAggregatorFactory.java:276) ~[graylog.jar:?]
... at at at ...