Illegal_argument_exception

Carlos_Vinicius · August 10, 2022, 2:32pm

Dears, good morning!

I'm facing the error below, can someone shed some light on me?

{
"took": 461,
"timed_out": false,
"_shards": {
"total": 39,
"successful": 38,
"skipped": 33,
"failed": 1,
"failures": [
{
"shard": 0,
"index": ".ds-filebeat-8.3.2-2022.08.09-000332",
"node": "ozlh6n6QTyuVfQYC1on97A",
"reason": {
"type": "illegal_argument_exception",
"reason": "error fetching [aws.cloudtrail.flattened.request_parameters.TimePeriod.End]: Field [aws.cloudtrail.flattened.request_parameters.TimePeriod.End] of type [flattened] doesn't support formats.",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Field [aws.cloudtrail.flattened.request_parameters.TimePeriod.End] of type [flattened] doesn't support formats."
}
}
}
]
},
"hits": {
"max_score": null,
"hits":
}
}

Yang_Wang · August 11, 2022, 12:27am

Some field types support formatting their values in certain ways. For an example, date field can be formatted in different ways e.g. epoch_millis and basic_date etc. But most field types do not support formatting. In your case, the field aws.cloudtrail.flattened.request_parameters.TimePeriod.End is of type flattened and it does not support format. You need remove the format parameter from your search query.

Carlos_Vinicius · August 11, 2022, 11:59am

Hi, thank you very much for your quick response, can you let me know how I make this change?

Sorry for my ignorance, I'm new to elastic

system · September 8, 2022, 11:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.