Failed to execute bulk item

Ashvin_Meetoo · March 8, 2016, 9:06am

Hello people,

I am getting a strange error while parsing some data to elasticsearch.

My template is properly defined, and when i add a sample data manually it works:
POST /netflow-2016-03-08/socket
{
"tcp_flags": "16",
"peer_ip_src": "62.193.32.252",
"ip_dst": "62.193.34.125",
"@timestamp": "2016-03-08T08:33:01Z",
"peer_as_dst": 0,
"port_dst": 19209,
"tag": 100,
"iface_out": 68,
"peer_as_src": 6453,
"ip_src": "104.85.76.24",
"sampling_rate": 1,
"peer_ip_dst": "62.193.37.9",
"flows": 1,
"as_path": "",
"bytes": 14200000,
"class": "unknown",
"as_dst": 0,
"packets": 10000,
"iface_in": 66,
"port_src": 443,
"ip_proto": "tcp",
"as_src": 20940
}

When trying to parse the whole data, the index is properly created but no docs are fed and i'm getting the error below, as you can see it's same as above:

[2016-03-08 08:33:01,795][DEBUG][action.bulk              ] [node-2] [netflow-2016-03-08][2] failed to execute bulk item (index) index {[netflow-2016-03-08][Netflowa][AVNVW6CeBNvVuTM7ABR2], source[{"tcp_flags": "16", "peer_ip_src": "62.193.32.252", "ip_dst": "62.193.34.125", "@timestamp": "2016-03-08T08:33:01Z", "peer_as_dst": 0, "port_dst": 19209, "tag": 100, "iface_out": 68, "peer_as_src": 6453, "ip_src": "104.85.76.24", "sampling_rate": 1, "peer_ip_dst": "62.193.37.9", "flows": 1, "as_path": "", "bytes": 14200000, "class": "unknown", "as_dst": 0, "packets": 10000, "iface_in": 66, "port_src": 443, "ip_proto": "tcp", "as_src": 20940}]}
MapperParsingException[failed to parse [peer_ip_src]]; nested: NumberFormatException[For input string: "62.193.32.252"];
	at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:343)
	at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:318)
	at org.elasticsearch.index.mapper.DocumentParser.parseAndMergeUpdate(DocumentParser.java:765)
	at org.elasticsearch.index.mapper.DocumentParser.parseDynamicValue(DocumentParser.java:652)
	at org.elasticsearch.index.mapper.DocumentParser.parseValue(DocumentParser.java:451)
	at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:271)
	at org.elasticsearch.index.mapper.DocumentParser.innerParseDocument(DocumentParser.java:131)
	at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:79)
	at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:304)
	at org.elasticsearch.index.shard.IndexShard.prepareCreate(IndexShard.java:500)
	at org.elasticsearch.index.shard.IndexShard.prepareCreateOnPrimary(IndexShard.java:481)
	at org.elasticsearch.action.index.TransportIndexAction.prepareIndexOperationOnPrimary(TransportIndexAction.java:214)
	at org.elasticsearch.action.index.TransportIndexAction.executeIndexRequestOnPrimary(TransportIndexAction.java:223)
	at org.elasticsearch.action.bulk.TransportShardBulkAction.shardIndexOperation(TransportShardBulkAction.java:326)
	at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:119)
	at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:68)
	at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryPhase.doRun(TransportReplicationAction.java:595)
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
	at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:263)
	at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:260)
	at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:350)
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NumberFormatException: For input string: "62.193.32.252"
	at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
	at java.lang.Long.parseLong(Long.java:589)
	at java.lang.Long.parseLong(Long.java:631)
	at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:241)
	at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:335)
	... 24 more

Help please

jpountz · March 8, 2016, 9:49am

It looks like the peer_ip_src field is mapped as a number in your mappings, so then it fails to index the document since it expects a number but gets a string that represents an ip address.

yp_wang · May 10, 2017, 4:42am

Bingo!

Topic		Replies	Views
Failed to execute on node [YK3h1SM5SZW2K-JloBdVCg] Elasticsearch	4	1503	May 30, 2018
Elasticsearch indexing with bulkprocessor, got broken pipeline Elasticsearch	1	550	January 22, 2022
ES 6.4.2 - MapperParsingException when performing Bulk requests Elasticsearch	4	237	October 12, 2022
Unknown error while bulk indexing Elasticsearch language-clients	3	183	February 5, 2024
Org.elasticsearch.index.mapper.MapperParsingException: failed to parse -- NEED HELP Elasticsearch	2	5201	July 6, 2017

Failed to execute bulk item

Related Topics