Elastic filter plugin is not working

Sai_Jana_Selvakumar · December 6, 2017, 10:04am

Config file:

input {
http {
host => "host"
port => " port"

}

filter {

json {
		source => "message"
	}

ruby {
code =>"
hash= {'id' => 'id' }"

}

elasticsearch {

hosts => ["host"]
index => "index_name"
query => 'some_field:"%{[id]}"'

}

mutate {
	remove_field => [ "message","path","type","host", "entry","headers"]
}

}

Error:

:error=>#<Elasticsearch::Transport::Transport::Errors::BadRequest: [400] {"error":{"root_cause":[{"type":"query_shard_exception","reason":"No mapping found for [@timestamp] in order to sort on","index_uuid":"mjW6B3ljQjOydaexYmrcWA","index":"index_name"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"index_name","node":"0v0j-JY1QaWdd9IFmcqN_Q","reason":{"type":"query_shard_exception","reason":"No mapping found for [@timestamp] in order to sort on","index_uuid":"mjW6B3ljQjOydaexYmrcWA","index":"index_name"}}]},"status":400}>, :level=>:warn}

magnusbaeck · December 10, 2017, 9:06pm

The index you're searching doesn't have a @timestamp field. If you don't want the filter to sort on that field you need to adjust the sort option.

system · January 7, 2018, 9:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.