Elasticsearch filter plugin query failure

jchoinski · April 29, 2016, 8:16pm

Hello,

I'm trying to query for an instrument in elasticsearch and calculate the time difference between the events. I'm running into an error trying to query elasticsearch.

Here is the config.

filter {
if [type] == "kafka-instrument" {
elasticsearch {
hosts => ["127.0.0.1"]
query => 'type:def AND _id:%{[key][dvi]}'
fields => ["@timestamp"]
}

}

and here is the error.
{:timestamp=>"2016-04-29T15:09:56.616000-0500", :message=>"Failed to query elasticsearch for previous event", :query=>"type:def AND _id:176", :event=>#<LogStash::Event:0x33dfaf04 @metadata_accessors=#<LogStash::Util::Accessors:0x2be39827 @store={}, @lut={}>, @cancelled=false, @data={REMOVEDFORBREVITY}>>, :error=> #<NoMethodError: undefined method `[]' for nil:NilClass>, :level=>:warn}

Any ideas?

warkolm · May 1, 2016, 1:38am

Check your ES logs as well, there should be something related.

Topic		Replies	Views
Failed to query elasticsearch for previous event Logstash	1	1788	July 6, 2017
Elasticsearch filter plugin Logstash	1	479	September 7, 2017
ElasticSearch filter plugin "Failed to parse query" Was Expecting TO Logstash	2	574	October 24, 2020
Logstash.filters.elasticsearch "Read timed out" Logstash	2	1136	March 20, 2022
Error in elasticsearch filter of logstash: Failed to query elasticsearch for previous event Logstash	6	2032	January 8, 2021

Elasticsearch filter plugin query failure

Related topics