Elastic filter plugin is not working

Sai_Jana_Selvakumar · December 6, 2017, 10:04am

Config file:

input {
http {
host => "host"
port => " port"

}

filter {

json {
		source => "message"
	}

ruby {
code =>"
hash= {'id' => 'id' }"

}

elasticsearch {

hosts => ["host"]
index => "index_name"
query => 'some_field:"%{[id]}"'

}

mutate {
	remove_field => [ "message","path","type","host", "entry","headers"]
}

}

Error:

:error=>#<Elasticsearch::Transport::Transport::Errors::BadRequest: [400] {"error":{"root_cause":[{"type":"query_shard_exception","reason":"No mapping found for [@timestamp] in order to sort on","index_uuid":"mjW6B3ljQjOydaexYmrcWA","index":"index_name"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"index_name","node":"0v0j-JY1QaWdd9IFmcqN_Q","reason":{"type":"query_shard_exception","reason":"No mapping found for [@timestamp] in order to sort on","index_uuid":"mjW6B3ljQjOydaexYmrcWA","index":"index_name"}}]},"status":400}>, :level=>:warn}

magnusbaeck · December 10, 2017, 9:06pm

The index you're searching doesn't have a @timestamp field. If you don't want the filter to sort on that field you need to adjust the sort option.

system · January 7, 2018, 9:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic search filter plugin is not working Logstash	1	441	January 19, 2018
Elasticsearch filter plugin not working Logstash	5	907	January 7, 2020
Logstash elasticsearch filter plugin - set index Logstash	2	1603	July 6, 2017
Elasticsearch filter query not working Logstash	1	1194	March 22, 2018
Elasticsearch filter plugin not sorting properly Logstash	2	291	June 11, 2019

Elastic filter plugin is not working

Related topics