Elastic filter plugin is not working

Sai_Jana_Selvakumar · December 6, 2017, 10:04am

Config file:

input {
http {
host => "host"
port => " port"

}

filter {

json {
		source => "message"
	}

ruby {
code =>"
hash= {'id' => 'id' }"

}

elasticsearch {

hosts => ["host"]
index => "index_name"
query => 'some_field:"%{[id]}"'

}

mutate {
	remove_field => [ "message","path","type","host", "entry","headers"]
}

}

Error:

:error=>#<Elasticsearch::Transport::Transport::Errors::BadRequest: [400] {"error":{"root_cause":[{"type":"query_shard_exception","reason":"No mapping found for [@timestamp] in order to sort on","index_uuid":"mjW6B3ljQjOydaexYmrcWA","index":"index_name"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"index_name","node":"0v0j-JY1QaWdd9IFmcqN_Q","reason":{"type":"query_shard_exception","reason":"No mapping found for [@timestamp] in order to sort on","index_uuid":"mjW6B3ljQjOydaexYmrcWA","index":"index_name"}}]},"status":400}>, :level=>:warn}

magnusbaeck · December 10, 2017, 9:06pm

The index you're searching doesn't have a @timestamp field. If you don't want the filter to sort on that field you need to adjust the sort option.

Topic		Replies	Views
Logstash - No mapping found for [@timestamp] in order to sort on Logstash	9	2002	March 26, 2019
Elasticsearch filter plugin not working Logstash	5	937	January 7, 2020
Error message in logfile : Parse Failure [No mapping found for [@timestamp] in order to sort on] Elasticsearch	5	1408	July 6, 2017
Logstash elasticsearch filter plugin - set index Logstash	2	1630	July 6, 2017
Elastic search filter plugin is not working Logstash	1	463	January 19, 2018

Elastic filter plugin is not working

Related topics