IP address mapping conflict

marky · February 24, 2017, 6:31pm

Hi,

I tried searching for a solution to this but I wasn't able to get very far. I'm importing numerous JSON documents that contain various logs (AWS cloudtrail logs in this case) into Elasticsearch and then using Kibana to search them. I am not using logstash for this.

There is a field titled "sourceIPAddress" which is defined in all the index mappings as:

"sourceIPAddress" : {
    "type" : "ip"
}

This works for indexing and searching in Kibana, however Kibana states that this field is in conflict.

The index patterns page says that it changes in some indices but I'm unable to find the indices where it doesn't work. The only thing I can think of is that some events have no ' sourceIPAddress' field set at all but that doesn't seem like it should break my ability to use visualize on it.

Can anybody offer some guidance?

cjcenizal · February 24, 2017, 10:01pm

Hi Marky, from a quick Google search for "kibana field conflict", I found these links which sound like the same thing you're describing:

https://dev.sobeslavsky.net/kibana-how-to-solve-mapping-conflict/

The common answer to this problem is to reindex your data. Please try that and let me know if it helps!

Thanks,
CJ

marky · February 27, 2017, 5:06pm

Hi CJ,

Thanks for the response. I'm curious if there's a way to identify which document(s) caused the mapping conflict to begin with. Do you know of any ways to identify what document(s) or even indices may have caused the conflict?

cjcenizal · March 1, 2017, 12:56am

Unfortunately, there's no easy way to do that, from what I can tell.

system · March 29, 2017, 12:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.