Getting error when i try to import the Json file

raki1205 · November 30, 2016, 8:43pm

Hi,
I'm new to elastic search. When i try to load a json file using CURl, I'm getting an error

ERROR
$ curl -XPUT xxxxxxxxxx:9200/_bulk --data-binary @FSAudit.log-2016-11-30-001.part.json
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [$date]"}],"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [$date]"},"status":400}

While the Index is getting created properly. Index i created is below.

INDEX
curl -XPUT http://xxxxxxxxx:9200/fsaudit -d '
{
"mappings" : {
"default" : {
"properties" : {
"@timestamp" : { "type" : "date" },
"timestamp":{"properties":{"$date":{"type":"date","format":"strict_date_optional_time||

epoch_millis"}}},
"operation" : {"type": "string" },
"user" : { "type" : "string" },
"uid" : { "type" : "integer" },
"ipAddress" : { "type" : "string" },
"nfsServer" : { "type" : "string" },
"parentPath" : { "type" : "string" },
"parentFid" : { "type" : "string" },
"childPath" : { "type" : "string" },
"childFid" : { "type" : "string" },
"childName" : { "type" : "string" },
"VolumeName" : { "type" : "string" },
"volumeId" : { "type" : "integer" },
"status" : { "type" : "integer" }
}
}
}
}
';

Please help us in rectifying the issue.

Thanks,
Rakesh

Mark_Harwood · December 1, 2016, 11:34am

We need to see line 1 of the FSAudit.log-2016-11-30-001.part.json file

raki1205 · December 1, 2016, 4:11pm

Hi Mark,

Below is my few contents of the Json file.

{"timestamp":{"$date":"2016-11-30T06:00:33.362Z"},"operation":"ENABLEAUDIT","user":"mapr","uid":5000,"ipAddress":"x.x.x.x","srcPath":"/audit/myaudit/","srcFid":"9155.16.2","VolumeN
ame":"myaudit","volumeId":181245567,"status":0}
{"timestamp":{"$date":"2016-11-30T06:05:31.223Z"},"operation":"MKDIR","user":"root","uid":0,"ipAddress":"127.0.0.1","nfsServer":"x.x.x.x","parentPath":"/audit/myaudit/","parentFid"
:"9155.16.2","childPath":"/audit/myaudit/testdir","childFid":"9155.32.131394","childName":"testdir","VolumeName":"myaudit","volumeId":181245567,"status":0}

Thanks in Advance..

Mark_Harwood · December 1, 2016, 4:14pm

Wrong format?
This looks to be all data, and no actions - see https://www.elastic.co/guide/en/elasticsearch/reference/5.0/docs-bulk.html

raki1205 · December 1, 2016, 4:54pm

Mark,

But I'm getting the error for the date .Is it something to do with the data?

Thanks

Mark_Harwood · December 1, 2016, 4:58pm

Yes. "Date" is not an action - it's data.
A bulk file is:

action
data

action
data

action
data

Actions are either index, delete or update commands so you need to prefix each data doc with an action instruction. The document I linked to describes this format.

raki1205 · December 2, 2016, 6:31pm

Thanks Mark..It worked

system · December 30, 2016, 6:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with JSON file import into ElasticSearch Elasticsearch	10	5073	August 14, 2020
Unkown setting error (illegal_argument_exception) Elasticsearch	1	817	December 11, 2017
Need help with this curl command for bulk uploading Elasticsearch	3	4065	July 16, 2019
Loading json file in ES 6.4 Elasticsearch	6	609	November 13, 2018
Illegal_argument_exception when copying settings to a new index Elasticsearch	5	414	August 28, 2018

Getting error when i try to import the Json file

Related topics