My error is this:
[esaggs] > Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"null_pointer_exception","reason":null}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"log_data","node":"iFm60hiuQIS1BcgO9rul6w","reason":{"type":"null_pointer_exception","reason":null}}],"caused_by":{"type":"null_pointer_exception","reason":null,"caused_by":{"type":"null_pointer_exception","reason":null}}},"status":500}
and my scripted field (type string) is this:
return "0.0.0.0";
Super brain-dead test to see if I could return anything and avoid the error. Nope 
I must be doing something fundamentally wrong...
Thanks for any help or tips! 