[Bug] Cortex Elasticsearch Analyzer Error

[badentropy]

Hi there, gettin an error while running Elasticsearch Analyzer in docker container

Describe the bug
When attempting to execute the Cortex Elasticsearch Analyzer, I encountered the following error message:

{
  "errorMessage": "/usr/bin/env: ‘python3\\r’: No such file or directory\n",
  "input": null,
  "success": false
}

I suspect that the error is caused by the presence of the carriage return character ("\r") in the elk.py Python file (analyzers/Elasticsearch/elk.py). This character may be causing the file path to be incorrectly interpreted, resulting in the "No such file or directory" error for the python3 command.

To Reproduce
Steps to reproduce the behavior:

• Set up the Cortex Elasticsearch Analyzer environment using the Docker containers.
• Execute the analyzer, either through the provided script or manually.
• Observe the error message mentioned above.

Expected behavior
The Cortex Elasticsearch Analyzer should execute successfully without any errors related to the python3 command or file paths.

Work environment

• Client OS: Fedora 37
• Server OS: Fedora 37
• Browse type and version:
• Cortex version: Version: 3.1.7-1
• Cortex Analyzer/Responder name: Elasticsearch_Analysis_1_0
• Cortex Analyzer/Responder version: 1.0

Possible solutions
I think removing the carriage return character ("\r") from the elk.py Python file (analyzers/Elasticsearch/elk.py). By doing so, the file path should be correctly interpreted, and the error should be eliminated.

[1Placebo1]

We have this issue to. We see the same error on a clean install of Cortex 3.1.7-1

[mgarofano80]

Try with dos2unix. Run dos2unix elk.py

[NurvX]

I tried removing "\" manually and using dos2unix both, still same error

[jiribartusek-ls]

How to fix this if I am using an dockerized instance of Cortex? I am not sure if just fixing this would solve the problem for Linux users but break it for Windows platform?

[jiribartusek-ls]

Looks like the fix is waiting to be merged :) #1023