I am trying to play around with Graph and some net flow data and keep getting a Server Error 500, with the following in the elasticsearch logs:
Caused by: java.lang.IllegalArgumentException: failed to parse ip [], not a valid ip address
I do have the type set correctly and it shows as an "ip" type in the regular Kibana interface, and I can query it just fine everywhere else. Did I miss a step in Graph where I define the data types again?
Hi Bryce,
This is down to an issue I discovered today in core elasticsearch with ip field types and aggregations [1]
For now, the work-around is to use a non-analyzed string field for this sort of analysis.
However, longer term there are other reasons why graph/significant_terms will need to work with string-based representations of things like IP fields in future. It is related to changes in Lucene's handling of numeric fields and the fact that it will no longer hold document frequencies (these frequencies are required for computing significance).
Cheers
Mark
Thanks, we are still in a dev mode, so flopping our IPs over is a thing we can do quite easily.
Bryce
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.