Getting error when i try to import the Json file

raki1205 · November 30, 2016, 8:43pm

Hi,
I'm new to elastic search. When i try to load a json file using CURl, I'm getting an error

ERROR
$ curl -XPUT xxxxxxxxxx:9200/_bulk --data-binary @FSAudit.log-2016-11-30-001.part.json
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [$date]"}],"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [$date]"},"status":400}

While the Index is getting created properly. Index i created is below.

INDEX
curl -XPUT http://xxxxxxxxx:9200/fsaudit -d '
{
"mappings" : {
"default" : {
"properties" : {
"@timestamp" : { "type" : "date" },
"timestamp":{"properties":{"$date":{"type":"date","format":"strict_date_optional_time||

epoch_millis"}}},
"operation" : {"type": "string" },
"user" : { "type" : "string" },
"uid" : { "type" : "integer" },
"ipAddress" : { "type" : "string" },
"nfsServer" : { "type" : "string" },
"parentPath" : { "type" : "string" },
"parentFid" : { "type" : "string" },
"childPath" : { "type" : "string" },
"childFid" : { "type" : "string" },
"childName" : { "type" : "string" },
"VolumeName" : { "type" : "string" },
"volumeId" : { "type" : "integer" },
"status" : { "type" : "integer" }
}
}
}
}
';

Please help us in rectifying the issue.

Thanks,
Rakesh

Mark_Harwood · December 1, 2016, 11:34am

We need to see line 1 of the FSAudit.log-2016-11-30-001.part.json file

raki1205 · December 1, 2016, 4:11pm

Hi Mark,

Below is my few contents of the Json file.

{"timestamp":{"$date":"2016-11-30T06:00:33.362Z"},"operation":"ENABLEAUDIT","user":"mapr","uid":5000,"ipAddress":"x.x.x.x","srcPath":"/audit/myaudit/","srcFid":"9155.16.2","VolumeN
ame":"myaudit","volumeId":181245567,"status":0}
{"timestamp":{"$date":"2016-11-30T06:05:31.223Z"},"operation":"MKDIR","user":"root","uid":0,"ipAddress":"127.0.0.1","nfsServer":"x.x.x.x","parentPath":"/audit/myaudit/","parentFid"
:"9155.16.2","childPath":"/audit/myaudit/testdir","childFid":"9155.32.131394","childName":"testdir","VolumeName":"myaudit","volumeId":181245567,"status":0}

Thanks in Advance..

Mark_Harwood · December 1, 2016, 4:14pm

Wrong format?
This looks to be all data, and no actions - see https://www.elastic.co/guide/en/elasticsearch/reference/5.0/docs-bulk.html

raki1205 · December 1, 2016, 4:54pm

Mark,

But I'm getting the error for the date .Is it something to do with the data?

Thanks

Mark_Harwood · December 1, 2016, 4:58pm

Yes. "Date" is not an action - it's data.
A bulk file is:

action
data

action
data

action
data

Actions are either index, delete or update commands so you need to prefix each data doc with an action instruction. The document I linked to describes this format.

raki1205 · December 2, 2016, 6:31pm

Thanks Mark..It worked

system · December 30, 2016, 6:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with JSON file import into ElasticSearch Elasticsearch	10	5057	August 14, 2020
IllegalArgumentException error Elasticsearch	6	949	July 5, 2017
Json import error on elasticsearch with curl command Elasticsearch	8	4310	May 24, 2018
Bulk API Failing Elasticsearch	3	1145	July 24, 2022
Unable to load the dataset from json Elasticsearch	4	633	May 9, 2018

Getting error when i try to import the Json file

Related Topics