IP address mapping conflict

marky · February 24, 2017, 6:31pm

Hi,

I tried searching for a solution to this but I wasn't able to get very far. I'm importing numerous JSON documents that contain various logs (AWS cloudtrail logs in this case) into Elasticsearch and then using Kibana to search them. I am not using logstash for this.

There is a field titled "sourceIPAddress" which is defined in all the index mappings as:

"sourceIPAddress" : {
    "type" : "ip"
}

This works for indexing and searching in Kibana, however Kibana states that this field is in conflict.

The index patterns page says that it changes in some indices but I'm unable to find the indices where it doesn't work. The only thing I can think of is that some events have no ' sourceIPAddress' field set at all but that doesn't seem like it should break my ability to use visualize on it.

Can anybody offer some guidance?

cjcenizal · February 24, 2017, 10:01pm

Hi Marky, from a quick Google search for "kibana field conflict", I found these links which sound like the same thing you're describing:

github.com/elastic/kibana

Mapping conflict! 14 fields are defined as several types

opened 10:11AM - 02 Jan 15 UTC

closed 06:04PM - 02 Jan 15 UTC

Vinaymuthanna

Mapping conflict! 14 fields are defined as several types (string, integer, etc) …across the indices that match this pattern. You may still be able to use these conflict fields in parts of Kibana, but they will be unavailable for functions that require Kibana to know their type. Correcting this issue will require reindexing your data. Use the following command to create an index. # curl -XPUT localhost:9200/_river/my_csv_river/_meta -d' { "type" : "csv", "csv_file" : { "folder" : "/home/paqs/Downloads/kibana/hun", "filename_pattern" : ".*\.csv$", "poll":"1m", "fields" : [ "SiNo", "UserId", "UserName", "Time", "Latitude", "Longitude", "Sublocation", "Location", "State", "Country", "Temperature", "Prefferedtemp", "AvgPtemp", "Humidity", "AvgHum", "Pollution", "AvgPollution", "Dust", "Davg" ], "first_line_is_header" : "false", "field_separator" : ",", "escape_character" : "\", "quote_character" : "\"", "field_id" : "id", "field_timestamp" : "imported_at", "concurrent_requests" : "1", "charset" : "UTF-8", "script_before_file": "/home/paqs/Downloads/kibana/hun/before_file.sh", "script_after_file": "/home/paqs/Downloads/kibana/hun/after_file.sh", "script_before_all": "/home/paqs/Downloads/kibana/hun/before_all.sh", "script_after_all": "/home/paqs/Downloads/kibana/hun/after_all.sh" }, "index" : { "index" : "han", "type" : "chal", "bulk_size" : 1000, "bulk_threshold" : 10 } }' curl -XPUT http://localhost:9200/han -d ' { "settings" : { "number_of_shards" : 1 }, "mappings" : { "alert" : { "properties" : { "UserName" : {"type" : "string", "index" : "not_analyzed"}, "Sublocation" : {"type" : "string", "index" : "not_analyzed"}, "Location" : {"type" : "string", "index" : "not_analyzed"}, "State" : {"type" : "string", "index" : "not_analyzed"}, "Country" : {"type" : "string", "index" : "not_analyzed"}, "Time" : {"type" : "date", "ignore_malformed" : true, "format" : "dateOptionalTime"}, "Pollution" : {"type" : "integer"}, "Dust" : {"type" : "integer"}, "UserId" : {"type" : "integer"}, "SiNo" : {"type" : "long"}, "Humidity" : {"type" : "double"}, "Prefferedtemp" : {"type" : "double"}, "Temperature" : {"type" : "double"}, "AvgHum" : {"type" : "double"}, "AvgPtemp" : {"type" : "double"}, "AvgPollution" : {"type" : "double"}, "Davg" : {"type" : "double"}, "Latitude" : {"type" : "double"}, "Longitude" : {"type" : "double"} } } } }' 5) This is my csv file contains these value example row[1]:-------"342379","875","Testaasim","1412294400","12.9289196","77.6352281"," Koramangala","Bengaluru","Karnataka","India","33.6","23","23.177777777778","54.6","54.722222222222","858","847","0","824.88888888889" Row[2]:------ "350214","875","Testaasim","1412294400","12.928922","77.6352343"," Koramangala "," Bengaluru","Karnataka"," India","33.3","23","23.177777777778","54.5","54.722222222222","580","847","6681","824.88888888889" y the confilt error is occuring did i need to change any thing in index or mapping ..plzz some one resolve this confilt ....

https://dev.sobeslavsky.net/kibana-how-to-solve-mapping-conflict/

The common answer to this problem is to reindex your data. Please try that and let me know if it helps!

Thanks,
CJ

marky · February 27, 2017, 5:06pm

Hi CJ,

Thanks for the response. I'm curious if there's a way to identify which document(s) caused the mapping conflict to begin with. Do you know of any ways to identify what document(s) or even indices may have caused the conflict?

cjcenizal · March 1, 2017, 12:56am

Unfortunately, there's no easy way to do that, from what I can tell.

system · March 29, 2017, 12:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.