Dynamic Mapping Watcher

peterColclough · June 7, 2015, 4:27pm

Oh dear... well here we go. Tried with the example log watcher, and with creating the watch I get this:

{"error":"WatcherException[failed to put watch [log_error_watch]]; nested: TypeMissingException[[.watches] type[[watch, trying to auto create mapping, but dynamic mapping is disabled]] missing]; ","status":500}

I have other indexes on the cluster that are working fine.. and have been for 10+ months, so what have I missed here? Do I actually have to create a mapping for watcher? If so, what fields are returned as normal?

My curl call was:
curl -XPUT 'http://[myserver]:[myport]/_watcher/watch/log_error_watch' -d '{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
}
}'

Thanks in advance....

warkolm · June 8, 2015, 12:58am

What index are you putting this against, because it looks like that dynamic mapping explicitly disabled.

peterColclough · June 8, 2015, 7:47am

Apologies... forgot the correct curl call.. its against the _watcher index:

curl -XPUT 'http://[my_server]:[my_port]/_watcher/watch/log_error_watch' -d '{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
}
}'

What would cause the dynamic mapping to be turned off? I haven't (knowingly) turned it off...as its really useful to have turned on.

Peter C

uboness · June 8, 2015, 12:16pm

Hi Peter,

can you provide us the output for:

GET .watches/_mapping

Is there a chance you accidentally deleted the mappings for the .watches index?

peterColclough · June 8, 2015, 12:20pm

Ooops....you just cant get the staff can you:
{
".watches" : {
"mappings" : { }
}
}

That doesn't look good does it? Is there an easy way to get them back?
Peter C

uboness · June 8, 2015, 12:57pm

That doesn't look good does it?

no, it doesn't :).

yea.. seems like the mappings were deleted, do the following:

stop the node
add watcher.index.rest.direct_access: true to elasticsearc.yml
start the node
delete .watches index DELETE /.watches

now you should be able the put watches again. But before you do that, please revert the direct access setting:

stop the node
remove watcher.index.rest.direct_access: true from elasticsearch.yml
start the node

The watcher.index.rest.direct_access enables/disables direct access to the .watches index via the rest API such that you won't be able to add/delete/update documents there. We don't have this protection (yet) against mapping deletion.... we'll consider adding it (or find another way to prevent this from happening)

pls let us know how it goes