Elasticsearch search query

Hello everyone, I'm new to ES and I'm trying to run the following code:

    function getClusters() {
      es_client.search({
        index: settings.cluster.index,
        type: 'metrics',
        body: {
          query: {
            bool: {
              must: [
                {
                  // last 14 days, as epoch milliseconds
                  range: {
                    timestamp: {
                      gte: moment().utc().subtract(14, 'days').valueOf(),
                      lte: moment().utc().valueOf()
                    }
                  }
                }
              ]
            }
          },
          aggs: {
            // terms aggregation on the "cluster" field
            clusters: {
              terms: {
                field: "cluster",
                size: settings.cluster.max
              }
            }
          }
        }
      });
    }

So I get the following error :slight_frown:

    {true
    phase: "query"
    reason: "all shards failed"
    root_cause: [{type: "illegal_argument_exception",…}]
      0: {type: "illegal_argument_exception",…}
        reason: "Fielddata is disabled on text fields by default. Set fielddata=true on [cluster] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory."
        type: "illegal_argument_exception"
    type: "search_phase_execution_exception"
    status: 400

I added this "fielddata": true, after metrics but it doesn't work. Does anyone have an idea, please?
PS: I'm using ES 5.3.0

There are 2 different types of string-like data: text and keyword. There used to only be string, but in 5.0, this was split into these 2 separate types. I recommend you check out the blog on this at https://www.elastic.co/blog/strings-are-dead-long-live-strings since it underlies what you're running into. As you'll see in that blog, if you're using the old string mapping, you may actually have 2 fields, whether you realize it or not: a cluster field and a cluster.keyword field which Elasticsearch may have created for you implicitly.

So after you get through that blog, you may know what you want to do. The most likely answer is that you want to do your terms agg on keyword data (e.g. cluster.keyword) instead of the text field cluster. However, if you're sure you want to use the text field instead, you'll need to add fielddata set to true in the mapping for the cluster field. You can see everything you need to know about doing that at https://www.elastic.co/guide/en/elasticsearch/reference/5.3/fielddata.html#_fielddata_is_disabled_on_literal_text_literal_fields_by_default (again, I'd recommend reading the whole page).

1 Like
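
As an added example (not part of the original posts and not Elastic's code): a small helper that inspects a type's mapping and picks the field a terms aggregation should target, preferring a keyword sub-field over loading fielddata for a text field. The function names and the sample mappings are constructed for illustration; the query shape follows the one in the question.

```javascript
// `properties` is the "properties" object of one type from the index mapping.
// Handles top-level leaf fields only (no nested object paths).
function aggregatableField(properties, name) {
  const def = properties[name];
  if (!def) throw new Error(`field [${name}] is not in the mapping`);
  // keyword, numeric, date, ... have doc values by default and aggregate directly
  if (def.type !== 'text') return name;
  // text field: prefer a keyword multi-field such as cluster.keyword
  for (const [sub, subDef] of Object.entries(def.fields || {})) {
    if (subDef.type === 'keyword') return `${name}.${sub}`;
  }
  // last resort: the text field itself, only if fielddata was enabled in the mapping
  if (def.fielddata === true) return name;
  throw new Error(`text field [${name}] has no keyword sub-field and fielddata is disabled`);
}

// Builds the search body from the question, with the aggregation field resolved
function clustersAggBody(properties, fromMs, toMs, size) {
  return {
    query: { bool: { must: [{ range: { timestamp: { gte: fromMs, lte: toMs } } }] } },
    aggs: { clusters: { terms: { field: aggregatableField(properties, 'cluster'), size } } }
  };
}

// Constructed sample mappings (not taken from a real cluster)
const dynamicMapping = {
  cluster: { type: 'text', fields: { keyword: { type: 'keyword', ignore_above: 256 } } },
  timestamp: { type: 'date' }
};
const textWithFielddata = { cluster: { type: 'text', fielddata: true } };
const textOnly = { cluster: { type: 'text' } }; // would trigger the error in the question

const now = Date.now();
const body = clustersAggBody(dynamicMapping, now - 14 * 24 * 3600 * 1000, now, 50);
console.log(JSON.stringify(body.aggs)); // terms agg now targets cluster.keyword
```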

Thank you for your answer. I've read the two documents; they helped me a lot to understand the changes in ES 5.3, so I added this to my mapping's configuration:

> "my_type": {
>   "properties": {
>     "cluster": {
>       "type": "text",
>       "fielddata": true,
>       "fields": {
>         "keyword": {
>           "type": "keyword"
>         }
>       }
>     }
>   }
> }

and I called the field by cluster.keyword, but it sends a null value with the same error message.
Request's response:
{"query":{"bool":{"must":[{"range":{"timestamp":{"gte":1492780567038,"lte":1493039767038}}},{"term":{"cluster":null}}]}}}:

    // type, start, stop and cluster are defined elsewhere in the caller
    es_client.search({
      index: 'inviso-cluster',
      type: type,
      body: {
        query: {
          bool: {
            must: [
              { range: { timestamp: { gte: start, lte: stop }}},
              { term: { 'cluster': cluster }}
            ]
          }
        }
      }
    });

Is it a problem with the security connection?

I don't quite understand what you're asking. Can you maybe rephrase?

Your proposal solved the problem. The other error was due to the timestamps field, which I afterwards replaced with a function that calculates it, because it is not supported on ES 5.3.
