Illegal_argument_exception

Dears, good morning!

I'm facing the error below, can someone shed some light on me?

image770×596 56.4 KB

{
"took": 461,
"timed_out": false,
"_shards": {
"total": 39,
"successful": 38,
"skipped": 33,
"failed": 1,
"failures": [
{
"shard": 0,
"index": ".ds-filebeat-8.3.2-2022.08.09-000332",
"node": "ozlh6n6QTyuVfQYC1on97A",
"reason": {
"type": "illegal_argument_exception",
"reason": "error fetching [aws.cloudtrail.flattened.request_parameters.TimePeriod.End]: Field [aws.cloudtrail.flattened.request_parameters.TimePeriod.End] of type [flattened] doesn't support formats.",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Field [aws.cloudtrail.flattened.request_parameters.TimePeriod.End] of type [flattened] doesn't support formats."
}
}
}
]
},
"hits": {
"max_score": null,
"hits":
}
}

Some field types support formatting their values in certain ways. For an example, date field can be formatted in different ways e.g. epoch_millis and basic_date etc. But most field types do not support formatting. In your case, the field aws.cloudtrail.flattened.request_parameters.TimePeriod.End is of type flattened and it does not support format. You need remove the format parameter from your search query.

Hi, thank you very much for your quick response, can you let me know how I make this change?

Sorry for my ignorance, I'm new to elastic

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.