Error message in logfile : Parse Failure [No mapping found for [@timestamp] in order to sort on]

HansPeterSloot · April 28, 2014, 9:24am

Hello,

I see the message further below in the elastic search logfile:
Can someone tell what is wrong?

Regards HansP

[2014-04-28 11:02:44,612][DEBUG][action.search.type ] [u3060p]
[kibana-int][0], node[8LhzSgxJSf2RxW9wFgxBLA], [P], s[STARTED]: Failed to
execute [org.elasticsearch.action.search.SearchRequest@1bae4d4f] lastShard
[true]
org.elasticsearch.search.SearchParseException: [kibana-int][0]:
query[filtered(ConstantScore(:))->BooleanFilter(+:
+cache(@timestamp:[1398654164260 TO now])
+BooleanFilter(+:))],from[-1],size[500]: Parse Failure [Failed to parse
source
[{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":""}}]}},"filter":{"bool":{"must":[{"match_all":{}},{"range":{"@timestamp":{"from":1398654164260,"to":"now"}}},{"bool":{"must":[{"match_all":{}}]}}]}}}},"highlight":{"fields":{},"fragment_size":2147483647,"pre_tags":["@start-highlight@"],"post_tags":["@end-highlight@"]},"size":500,"sort":[{"@timestamp":{"order":"desc"}}]}]]
at
org.elasticsearch.search.SearchService.parseSource(SearchService.java:595)
at
org.elasticsearch.search.SearchService.createContext(SearchService.java:498)
at
org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:472)
at
org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:244)
at
org.elasticsearch.search.action.SearchServiceTransportAction.sendExecuteQuery(SearchServiceTransportAction.java:202)
at
org.elasticsearch.action.search.type.TransportSearchQueryThenFetchAction$AsyncAction.sendExecuteFirstPhase(TransportSearchQueryThenFetchAction.java:80)
at
org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.performFirstPhase(TransportSearchTypeAction.java:216)
at
org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.performFirstPhase(TransportSearchTypeAction.java:203)
at
org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction$2.run(TransportSearchTypeAction.java:186)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)
Caused by: org.elasticsearch.search.SearchParseException: [kibana-int][0]:
query[filtered(ConstantScore(:))->BooleanFilter(+:*
+cache(@timestamp:[1398654164260 TO now])
+BooleanFilter(+:))],from[-1],size[500]: Parse Failure [No mapping found
for [@timestamp] in order to sort on]
at
org.elasticsearch.search.sort.SortParseElement.addSortField(SortParseElement.java:198)
at
org.elasticsearch.search.sort.SortParseElement.addCompoundSortField(SortParseElement.java:172)
at
org.elasticsearch.search.sort.SortParseElement.parse(SortParseElement.java:80)
at
org.elasticsearch.search.SearchService.parseSource(SearchService.java:583)
... 11 more

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/296d044a-066c-4c82-b947-5a9db5ff8125%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Binh_Ly_2 · April 28, 2014, 1:45pm

Is it possible that one of in the indexes you're querying against does not
have the field @timestamp?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/70f2b01d-a10a-4dea-9fdd-f58e7dc56c19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

HansPeterSloot · April 29, 2014, 6:47am

Well I am using elasticsearch as a logstash repository.

Can you give me a curl statement to check whether there are indexes without
@timestamp?

Op maandag 28 april 2014 15:45:05 UTC+2 schreef Binh Ly:

Is it possible that one of in the indexes you're querying against does not
have the field @timestamp?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d5f858f8-5ab7-4b86-9c3d-bcb41647b548%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

spinscale · May 5, 2014, 10:18am

Hey,

the problem is, that you are trying to search over all indices. One of
those indices contains your kibana dashboards - which is just fine. However
that index (named kibana-int) does not contain a timestamp field.

The most simple solution might be, to change your search to not search in
that index or only include the indices you want to search in.

--Alex

On Tue, Apr 29, 2014 at 8:47 AM, HansPeterSloot
hanspeter.sloot@gmail.comwrote:

Well I am using elasticsearch as a logstash repository.

Can you give me a curl statement to check whether there are indexes
without @timestamp?

Op maandag 28 april 2014 15:45:05 UTC+2 schreef Binh Ly:

Is it possible that one of in the indexes you're querying against does
not have the field @timestamp?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/d5f858f8-5ab7-4b86-9c3d-bcb41647b548%40googlegroups.com https://groups.google.com/d/msgid/elasticsearch/d5f858f8-5ab7-4b86-9c3d-bcb41647b548%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGCwEM_xzp7MC%3Dx7j68Qn%3Dma6gkHnDyPkX3q4YE0nnzD-ZDxUA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Firass_Gzayil · May 15, 2014, 12:41pm

Goto your dashboard->settings->index and replace [_all] with [logstash*]

Firass

On Monday, May 5, 2014 1:18:18 PM UTC+3, Alexander Reelsen wrote:

Hey,

the problem is, that you are trying to search over all indices. One of
those indices contains your kibana dashboards - which is just fine. However
that index (named kibana-int) does not contain a timestamp field.

The most simple solution might be, to change your search to not search in
that index or only include the indices you want to search in.

--Alex

On Tue, Apr 29, 2014 at 8:47 AM, HansPeterSloot <hanspet...@gmail.com<javascript:>

wrote:

Well I am using elasticsearch as a logstash repository.

Can you give me a curl statement to check whether there are indexes
without @timestamp?

Op maandag 28 april 2014 15:45:05 UTC+2 schreef Binh Ly:

Is it possible that one of in the indexes you're querying against does
not have the field @timestamp?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/d5f858f8-5ab7-4b86-9c3d-bcb41647b548%40googlegroups.com https://groups.google.com/d/msgid/elasticsearch/d5f858f8-5ab7-4b86-9c3d-bcb41647b548%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3e65ee59-3d96-42cb-8507-9feba27db3f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.