Exporting aggregated data out of ES

Elastic Stack Logstash
1

I am trying to export aggregared data out of Elasticsearch using log stash input. Below is my code. But I am getting a error. Can anyone help me?
My code in Logstash.conf

input {
elasticsearch {
hosts => "localhost"
index => "ipfix-5min-20170512"
type =>"agg"
query => '
{
"query": { "match": { "dstPt": "53"} },
"aggs": { "sum_by_hr": { "date_histogram": { "field": "flStDttmUtc", "interval": "1h", "time_zone": "America/New_York", "min_doc_count": 1 } } }
}'
size => 500
scroll => "5m"
docinfo => true
}
}

output {
elasticsearch {
index => "ipfix-5min-20170512_1hr"
document_id => "%{[@metadata][_id]}"
}
}

Error :

Error: [400] {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Failed to parse request body"}],"type":"illegal_argument_exception","reason":"Failed to parse request body","caused_by":{"type":"json_parse_exception","reason":"Unrecognized token 'DnF1ZXJ5VGhlbkZldGNoBQAAAAAAAArsFm5KTF9hcy1TUUgtd3dnbjBPUzl0QkEAAAAAAAA': was expecting ('true', 'false' or 'null')\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@1a9cfbc1; line: 1, column: 73]"}},"status":400}

2

Known bug, fixed in logstash-input-elasticsearch v4.0.3.

3

Thanks for the response. I am using ES 5.3 and logstash 5.4.0. But I am still facing the issue. :frowning: not sure if cam missing something

4

And you've verified that you indeed are running v4.0.3 of the logstash-input-elasticsearch plugin?

5

Thanks a lot it is working .I was using 4.0.2 and i upgraded it to 4.0.3.
But my output to elasticsearch in not aggregated. Should i change my logstash-output-elasticsearch plugin also?
By current version is logstash-output-elasticsearch (6.3.0).

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.