Elasticsearch Aggregation Error

Hi All,

I am using Graylog as our web interface and have Elasticsearch in the backend. We run aggregation searches for alerting in Graylog, but we seem to be getting errors which cause Elasticsearch to stop working for a few minutes.

I have tried setting my index mapping to field data = true for the streams field but that didn't seem to work.

Below is the offending log within the ES log file.

https://pastebin.com/BughdWZD

Cheers,

George

Anyone got any ideas? This is causing us some serious problems.

Filter gl2_filter looks to be the source of the complaint. It's actually superfluous in your requests so removing it may be a client-side workaround.

The error from your log is java.lang.IllegalStateException: "value source config is invalid; must have either a field context or a script or marked as unwrapped".

I wonder if you can run the query in the log directly against elasticsearch.

From what I can see on my phone the aggregation looks like it's missing a field setting for the terms aggregation.

@Mark_Harwood
The aggregation searches are coming from inbuilt alerting functions on the Graylog web client, I am unsure how I would remove the gl2_terms field from the query.

I will let the guys at Graylog know and maybe they can do some further testing and resolve the issue.

@Johnnycc1

Could you advise me on how to run the query directly against Elasticsearch?

Cheers both for your replies,

George

Good spot, @Johnnycc1 - the gl2_terms aggregation is indeed missing a choice of field.
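
Added example (not from this thread, and not Graylog's or Elasticsearch's own code): a small Python checker that walks an aggregation body and reports every value-source aggregation, such as `terms`, that carries neither `field` nor `script`, which is the condition behind the `IllegalStateException` quoted above. It then patches a field into the offending aggregation and builds the `curl` command for running the body directly against Elasticsearch, which is what George asked about. The request body, the `gl2_filter` wrapper, the host, the index pattern `graylog_*` and the field name `streams` are constructed placeholders shaped like the thread's description, not the actual query from the pastebin.

```python
"""Find Elasticsearch aggregations that lack a value source.

Elasticsearch rejects a terms (or other value-source) aggregation that has
neither a "field" nor a "script" with: "value source config is invalid;
must have either a field context or a script or marked as unwrapped".
This checker reports such aggregations before the request is sent.
"""
import copy
import json
import shlex

# Constructed request body resembling the one described in the thread:
# a filter aggregation (gl2_filter) wrapping a terms aggregation
# (gl2_terms) whose "field" was never set. Placeholder values only.
BROKEN_BODY = {
    "size": 0,
    "query": {"bool": {"filter": [{"range": {"timestamp": {"gte": "now-5m"}}}]}},
    "aggs": {
        "gl2_filter": {
            # "terms" here is a *query* inside a filter agg, not a terms agg.
            "filter": {"terms": {"streams": ["000000000000000000000001"]}},
            "aggs": {
                "gl2_terms": {
                    "terms": {"size": 10}  # missing "field" (and no "script")
                }
            },
        }
    },
}

# Aggregation types that read a value source and therefore need a
# "field" or a "script" in their configuration.
VALUE_SOURCE_AGGS = {
    "terms", "significant_terms", "histogram", "date_histogram",
    "cardinality", "avg", "sum", "min", "max", "stats", "extended_stats",
    "value_count", "percentiles",
}

# Keys inside an aggregation definition that are not the aggregation type.
NON_TYPE_KEYS = {"aggs", "aggregations", "meta"}


def find_missing_value_sources(body, prefix=""):
    """Return slash-joined paths of aggregations whose type needs a value
    source but whose config has neither "field" nor "script"."""
    problems = []
    aggs = body.get("aggs") or body.get("aggregations") or {}
    for name, definition in aggs.items():
        path = f"{prefix}/{name}" if prefix else name
        for key, config in definition.items():
            if key in NON_TYPE_KEYS or not isinstance(config, dict):
                continue
            if key in VALUE_SOURCE_AGGS and "field" not in config and "script" not in config:
                problems.append(path)
        # Sub-aggregations nest under the same definition; recurse into them.
        problems.extend(find_missing_value_sources(definition, path))
    return problems


def with_field(body, agg_path, field):
    """Return a copy of body with `field` set on the aggregation at agg_path."""
    fixed = copy.deepcopy(body)
    node = fixed
    for name in agg_path.split("/"):
        node = (node.get("aggs") or node.get("aggregations"))[name]
    for key, config in node.items():
        if key in VALUE_SOURCE_AGGS and isinstance(config, dict):
            config["field"] = field
            return fixed
    raise KeyError(f"{agg_path} is not a value-source aggregation")


def curl_command(body, host="http://localhost:9200", index="graylog_*"):
    """Build the curl line that runs `body` directly against Elasticsearch.
    host and index are placeholders; substitute your own cluster and indices."""
    payload = shlex.quote(json.dumps(body))
    return (f"curl -s -H 'Content-Type: application/json' "
            f"-X POST '{host}/{index}/_search' -d {payload}")


if __name__ == "__main__":
    bad = find_missing_value_sources(BROKEN_BODY)
    print("aggregations missing field/script:", bad)
    repaired = with_field(BROKEN_BODY, bad[0], "streams")
    print("after fix:", find_missing_value_sources(repaired))
    print(curl_command(repaired))
```

Running the repaired body with `curl` as printed reproduces what Graylog sends, minus the web client, so the same error in the Elasticsearch response confirms the request body rather than the cluster is at fault; with the field supplied, the response should carry a `gl2_terms` bucket list instead.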
