No mapping found for [index]

Elastic Stack Elasticsearch
1

in es log
org.elasticsearch.search.SearchParseException: [logstash-2016.10.21][4]: from[-1],size[500]: Parse Failure [Failed to parse source [{"size":500,"sort":{"tstamp":"asc"},"query":{"filtered":{"query":{"query_string":{"analyze_wildcard":true,"query":""}},"filter":{"bool":{"must":[{"range":{"tstamp":{"gte":1490595144374,"lte":1490609544374}}}],"must_not":[]}}}},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"":{}}},"aggs":{"2":{"date_histogram":{"field":"tstamp","interval":"5m","pre_zone":"+05:30","pre_zone_adjust_large_interval":true,"min_doc_count":0,"extended_bounds":{"min":1490595144374,"max":1490609544374}}}},"fields":["*","source"],"scriptfields":{},"fielddata_fields":["_timestamp","@timestamp","tstamp"]}]]
Parse Failure [No mapping found for [tstamp] in order to sort on]];

Actullay i created index called tstamp which contain exact time stamp of log
my log file -- > 03-27-2017 10:26:13 INFO ................
my conf
filter {
grok {
match => [ "message", "%{DATESTAMP:timestamp}" ]
}
date {
locale => "en"
match => [ "timestamp", "MM-dd-YYYY HH:mm:ss","ISO8601" ]
target => ["tstamp"]
remove_field => ["timestamp"]
}
}
Json i got
"message" => "03-27-2017 10:26:11 INFO - in DAO Impl query: fetching username from username_notification table",
"@version" => "1",
"@timestamp" => "2017-03-27T09:33:50.768Z",
"host" => "Vishnu-Prasad.local",
"path" => "/Users/tcstsb3/Downloads/batch/starbuck-batch-service.log",
"tstamp" => "2017-03-27T04:56:11.000Z"
}

in kibana i added new index called tstamp i overrided the changes
but i dont know why this showing error No mapping found

can you plz help me

2

Run a GET index/_mapping query and check.

Note that if you are sending this query on multiple indices but one does not have this field it can fails like this.

3

I dont have curl , how to get from url

4

http://localhost:9200/index/_mapping?pretty

5

tstamp is my index if i called in browser
http://localhost:9200/index/_mapping?tstamp

{"error":"IndexMissingException[[index] missing]","status":404}

how to map the index ,I dont know how to proceed
can you help me.

6

http://localhost:9200/tstamp/_mapping?pretty

7

thank you, now this is coming

{
"error" : "IndexMissingException[[tstamp] missing]",
"status" : 404
}

how to solve this buddy

8

So the index name is logstash-something. Not tstamp.

Do a GET on logstash-2016.10.21/_mapping?pretty

Looks like a really old index so I believe you have old data in your cluster so you don't have this field.

Instead of creating an index pattern on all logstash indices, either remove old indices if you don't need them or create an index pattern only for logstash-2017.03.27

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.