Rollup Jobs and Limitations / Data Types

michaelpietzsch · July 27, 2020, 9:50am

Hi Guys,

I'm new to rollup jobs and I wanted to ask your opinion on some of the issues I'm encountering.

Question One: How to handle different data types such as IP

Here's my way of seeing it: Rollup jobs have to main components: the Metrics Fields which contain everything that can be condensed and manipulated basically floats and longs. And the Terms Fields which is everything else but only Keyword and Text. How does one handle stuff like IP or GEO IP Data types? Do some sort of conversion internally and save a duplicate as a string to be able to roll it up later on?

Question Two:
Sometimes I get the error message: "must be aggregatable across all indices, but is not" how can this happen? Can it have something to do with my ILM policy? I do an index rollover when I reach a certain size. This leads me to the question, do you guys have any special tips on how to combine this with index rollovers? Is pointing the index_pattern to the index alias name a good way to go about this.

With kind Regards
Michael

warkolm · July 27, 2020, 10:28am

Welcome to our community! We aren't all guys though

On a conceptual level, the IP/location would be considered a "term", in that it's a unique identifier you want to attach the summarised metrics to. You should be able to run the rollup on it though, as per the examples on querying the field in the docs here (note, I haven't tried this myself).

Perhaps sharing more info, the full error, the rollup definition, etc, might help us identify the cause?

michaelpietzsch · July 27, 2020, 11:18am

@warkolm Thanks for welcoming me! I am sorry i didn't ment to not include all genders...

I took a deeper look and IP datatypes are not shown to add terms... soo..

system · August 24, 2020, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.