I had created index and constructed Visualization every thing was working perfectly. But today when I search in kibana, I got a popup saying that 1 of 33 shards failed,
with below exception
Text fields are not optimized for operations that require per-document field data like aggregations and sorting, so these operations are disabled by default. Please use a keyword field instead. Alternatively, set fielddata=true on [@timestamp] in order to load field data by uninverting the inverted index. Note that this can use significant memory.
It seems like an index which is matched by your index pattern has an incompatible mapping. Can you check whether something like this got created? It's recommended to use index templates in Elasticsearch to ensure mappings are the same for all indices you want to query at once.
The logs are receiving logs from two servers to ELK Stack. When I initially created the index pattern, I created one common index pattern for both the server logs, as same application deployed in 2 servers and have @timestamp as Time Filter field name.
To check this issue, Today I tried to create index pattern. I'm not getting @timestamp for the server one indices and getting @timestamp for server 2. I don't know why?
Would that be the problem ?
The problem is in the mapping of one of the indices matching the pattern. I guess one of them has a type text for @timestamp because Elasticsearch doesn't recognize the date format of the documents you are ingesting.
Look at the latest index receiving data and check the mapping.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.