org.elasticsearch.index.query.QueryShardException: failed to find geo_point field [geoip.location]

When creating a new visualization using geohash aggregation, I get the following error:

"Courier fetch: 5 of 10 shards failed."

Monitoring the elasticsearch log when performing this action, I get the following line:

"org.elasticsearch.index.query.QueryShardException: failed to find geo_point field [geoip.location]"

The weird thing: the map displays the circles correctly according to the data - derived from the ipaddress.

Here's my configuration:

On the logstash filter section:

geoip {
source => "ip_address"
}

Checking the document mapping:

"ip": {
"type": "ip"
},
"latitude": {
"type": "half_float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "half_float"
},

Checking the ingested data:

geoip.location {
"lon": -122.3422,
"lat": 47.6344
}

Since I can see the correct map, I would assume this kind of error should not occur. Any idea?

Thanks.

is it possible that you are searching across two indices, and only one of them has the field correctly mapped to a geo point?

Yeas, thought about that. To make sure I am doing the right thing, I deleted all indexes used on this search and just kept the newly created. Still got the same problem. Thanks.

can you create a fully reproducible example under 6.5?

For some mysterious reason, the issue just disappeared :-S

Although I'm glad not to see the error, I'm not comfortable not knowing what was done to solve it. I'm still using 6.3, didn't have the opportunity to upgrade to 6.5. Most probably I deleted all indexes and just ingested again in a fresh one, not an action that I would suggested as a good solution.

Thanks anyway for the support.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.