Rollup Jobs and Limitations / Data Types

Hi Guys,

I'm new to rollup jobs and I wanted to ask your opinion on some of the issues I'm encountering.

Question One: How to handle different data types such as IP

Here's my way of seeing it: Rollup jobs have to main components: the Metrics Fields which contain everything that can be condensed and manipulated basically floats and longs. And the Terms Fields which is everything else but only Keyword and Text. How does one handle stuff like IP or GEO IP Data types? Do some sort of conversion internally and save a duplicate as a string to be able to roll it up later on?

Question Two:
Sometimes I get the error message: "must be aggregatable across all indices, but is not" how can this happen? Can it have something to do with my ILM policy? I do an index rollover when I reach a certain size. This leads me to the question, do you guys have any special tips on how to combine this with index rollovers? Is pointing the index_pattern to the index alias name a good way to go about this.

With kind Regards
Michael

Welcome to our community! We aren't all guys though

On a conceptual level, the IP/location would be considered a "term", in that it's a unique identifier you want to attach the summarised metrics to. You should be able to run the rollup on it though, as per the examples on querying the field in the docs here (note, I haven't tried this myself).

Perhaps sharing more info, the full error, the rollup definition, etc, might help us identify the cause?

@warkolm Thanks for welcoming me! I am sorry i didn't ment to not include all genders...

I took a deeper look and IP datatypes are not shown to add terms... soo..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.