Shard failure. Fielddata disabled on text fields by default

Elastic Stack Kibana
1

I am new to elastic stack. Aim is to visualize access logs data in kibana. I have taken a sample apache log from elastic stack documentation and used the following logstash configuration file:

input {

file {

path => "/tmp/access_log"

start_position => "beginning"

}

}

filter {

if [path] =~ "access" {

mutate { replace => { "type" => "apache_access" } }

grok {

  match => { "message" => "%{COMBINEDAPACHELOG}" }

}

}

date {

match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]

}

}

output {

elasticsearch { hosts => ["localhost:9200"]

user => username

password => password

index => "apache-access.log"

}

stdout { codec => rubydebug }

}

The script is working fine except for the part that some problem is with "timestamp" field.

Index: apache-access.log Shard: 0 Reason: {"type":"illegal_argument_exception","reason":"Fielddata is disabled on text fields by default. Set fielddata=true on [timestamp] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead."}

Plz help ASAP. Thank you

2

Where does it say that exactly.

3

In kibana "Discover" tab. When I search for the index I have saved this.

4

@warkolm: On expanding a particular index in the discover tab. If I open any document of it then for "tag" it is showing _grokparsefailure ... However index is being created.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.