Hello averyone.
Everithing was fine, untill i'v got error.
IDK when error occurs first time and when something going wrong (maybe some one uploaded new template or else), but when i open index log_query*, on top of kibana appears:
Discover: parse_exception: unexpected token 'doc['geoip.country_code3.raw'].value' on line (1) position (7) was expecting one of
-processing search and there is no info.
-in log /var/log/elasticsearch/logs.log:
[details=Summary]Caused by: ScriptException[Failed to parse expression: return doc['geoip.country_code3.raw'].value]; nested: NotSerializableExceptionWrapper[parse_exception: unexpected token 'doc['geoip.country_code3.raw'].value' on line (1) position (7) was expecting one of ];
Caused by: NotSerializableExceptionWrapper[parse_exception: unexpected token 'doc['geoip.country_code3.raw'].value' on line (1) position (7) was expecting one of ][/details]
part of input
/etc/logstash/conf.d/01-lumberjack-input.conf
jdbc {
type => "log_query"
jdbc_driver_library => "/usr/share/java/mysql-connector-java-5.1.39/mysql-connector-java-5.1.39-bin.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://192.168.0.104:3306/dbname?zeroDateTimeBehavior=convertToNull&characterEncoding=cp1251&characterSetResults=UTF-8"
# jdbc_paging_enabled => "true"
# jdbc_page_size => "500"
jdbc_user => "mysql"
jdbc_password => "mysqladminpassword"
# sql_log_level => "debug"
schedule => "* * * * *"
statement_filepath => "/etc/logstash/log_query.sql"
# use_column_value => "true"
# tracking_column => "log_id"
}
part of output
/etc/logstash/conf.d/30-lumberjack-output.conf
} else if "log_query" in [tags] or "log_query" in [type] {
elasticsearch {
hosts => ["192.168.0.105:9200"]
index => "log_query-%{+YYYY.MM.dd}"
template => "/etc/logstash/log_query_template.json"
template_name => "log_query-*"
manage_template => "true"
document_id => "%{fingerprint}"
}
/etc/logstash/log_query.sql
SELECT
test_kartoteka.log_query.id log_id,
date,
source,
test_kartoteka.log_query.cid,
type search_type,
found,
page,
query db_query,
referer,
user_agent,
promo_id,
login,
tcid,
email,
fio,
lastname,
firstname,
middlename,
phone,
po_address,
deposit,
dtadd,
inn,
snils,
adv,
permissions,
es,
where_from,
l_act,
block,
lupdate,
site_id,
name,
maintenance,
address,
INET_NTOA(ip) ip
FROM test_kartoteka.log_query
LEFT JOIN priv_office.clients ON priv_office.clients.cid = test_kartoteka.log_query.cid
LEFT JOIN search_v1.searcher ON test_kartoteka.log_query.type = search_v1.searcher.id
WHERE test_kartoteka.log_query.type <> 15
ORDER BY date DESC LIMIT 5000
/etc/logstash/log_query_template.json
{
"template" : "log_query-",
"settings" : {
"index.refresh_interval" : "60s"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true, "omit_norms" : true},
"dynamic_templates" : [ {
"message_field" : {
"match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fielddata" : { "format" : "disabled" }
}
}
}, {
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fielddata" : { "format" : "disabled" },
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "doc_values" : true, "ignore_above" : 256}
}
}
}
}, {
"float_fields" : {
"match" : "",
"match_mapping_type" : "float",
"mapping" : { "type" : "float", "doc_values" : true }
}
}, {
"double_fields" : {
"match" : "",
"match_mapping_type" : "double",
"mapping" : { "type" : "double", "doc_values" : true }
}
}, {
"byte_fields" : {
"match" : "",
"match_mapping_type" : "byte",
"mapping" : { "type" : "byte", "doc_values" : true }
}
}, {
"short_fields" : {
"match" : "",
"match_mapping_type" : "short",
"mapping" : { "type" : "short", "doc_values" : true }
}
}, {
"integer_fields" : {
"match" : "",
"match_mapping_type" : "integer",
"mapping" : { "type" : "integer", "doc_values" : true }
}
}, {
"long_fields" : {
"match" : "",
"match_mapping_type" : "long",
"mapping" : { "type" : "long", "doc_values" : true }
}
}, {
"date_fields" : {
"match" : "",
"match_mapping_type" : "date",
"mapping" : { "type" : "date", "doc_values" : true }
}
}, {
"geo_point_fields" : {
"match" : "",
"match_mapping_type" : "geo_point",
"mapping" : { "type" : "geo_point", "doc_values" : true }
}
} ],
"properties" : {
"@timestamp": { "type": "date", "doc_values" : true },
"@version": { "type": "string", "index": "not_analyzed", "doc_values" : true },
"length": { "type": "integer", "index": "not_analyzed", "doc_values" : true },
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"ip": { "type": "ip", "doc_values" : true },
"location" : { "type" : "geo_point", "doc_values" : true },
"latitude" : { "type" : "float", "doc_values" : true },
"longitude" : { "type" : "float", "doc_values" : true }
}
}
}
}
}
}
Where is my misunderstood? Where's my mistake?
Maybe i should to remove template or re-upload it?
I'm unable to create new search, but saved dashboard (i think it linked to index) shows some info.