Unable to create index in Elasticsearch using API

Hi, I am trying to create an index in Elasticsearch using the API in Kibana Dev Tools.

PUT /ipflow-logs
{
  "ipflow-logs" : {
    "mappings" : {
      "properties" : {
        "conn_state" : {
          "type" : "keyword"
        },
        "content_length" : {
          "type" : "long"
        },
        "content_type" : {
          "type" : "keyword"
        },
        "createdDate" : {
          "type" : "keyword"
        },
        "dst_ip" : {
          "type" : "ip"
        },
        "dst_port" : {
          "type" : "long"
        },
        "duration" : {
          "type" : "long"
        },
        "history" : {
          "type" : "keyword"
        },
        "local_orig" : {
          "type" : "keyword"
        },
        "missed_bytes" : {
          "type" : "long"
        },
        "orig_bytes" : {
          "type" : "long"
        },
        "orig_ip_bytes" : {
          "type" : "long"
        },
        "orig_pkts" : {
          "type" : "long"
        },
        "protocol" : {
          "type" : "keyword"
        },
        "resp_bytes" : {
          "type" : "long"
        },
        "resp_ip_bytes" : {
          "type" : "long"
        },
        "resp_pkts" : {
          "type" : "long"
        },
        "service" : {
          "type" : "keyword"
        },
        "src_ip" : {
          "type" : "ip"
        },
        "src_port" : {
          "type" : "long"
        },
        "timestamp" : {
          "type" : "date",
          "format" : "yyyy-MM-dd 'T' HH:mm:ss.SSS"
        },
        "uid" : {
          "type" : "keyword"
        }
      }
    }
  }
}

I am getting the following error:

{
  "error": {
    "root_cause": [
      {
        "type": "parse_exception",
        "reason": "unknown key [ipflow-logs] for create index"
      }
    ],
    "type": "parse_exception",
    "reason": "unknown key [ipflow-logs] for create index"
  },
  "status": 400
}

Any help is appreciated.

Thanks

Check out https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html#create-mapping.

Basically you need to remove ipflow-logs at the URL or top JSON level.

Thanks @warkolm for your reply. It worked to solve the issue.

After I created the index, I am trying to use the reindex API to copy documents from another index. I am getting the following error.

"failures": [
    {
      "index": "ipflow-logs",
      "type": "_doc",
      "id": "EwZxLHIBwqu9v3DPUWLu",
      "cause": {
        "type": "mapper_parsing_exception",
        "reason": "failed to parse field [timestamp] of type [date] in document with id 'EwZxLHIBwqu9v3DPUWLu'. Preview of field's value: '2012-03-16 20:30:00.060'",
        "caused_by": {
          "type": "illegal_argument_exception",
          "reason": "failed to parse date field [2012-03-16 20:30:00.060] with format [yyyy-MM-dd 'T' HH:mm:ss.SSS]",
          "caused_by": {
            "type": "date_time_parse_exception",
            "reason": "date_time_parse_exception: Text '2012-03-16 20:30:00.060' could not be parsed at index 11"
          }
        }
      },
      "status": 400

Is it possible to point out where I am going wrong? Thanks

The format of the date '2012-03-16 20:30:00.060' does not match the format that you have defined for timestamp, which is

The format should be "yyyy-MM-dd HH:mm:ss.SSS", or you can specify multiple formats if you expect multiple formats, "yyyy-MM-dd 'T' HH:mm:ss.SSS||yyyy-MM-dd HH:mm:ss.SSS"
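
An added example (not part of the thread and not Elasticsearch code): a Python pre-flight check that flags the unknown top-level key from the first error and reports the character index at which a sample timestamp stops matching each `||`-separated pattern, as in the second error. The function names and the supported subset of pattern letters are assumptions of this sketch; it checks digit layout only, not calendar ranges.

```python
import re

# Top-level keys accepted by the create index API body.
CREATE_INDEX_KEYS = {"aliases", "mappings", "settings"}
# Assumed subset of date pattern letters: only those used in this thread.
TOKENS = {"yyyy": r"\d{4}", "MM": r"\d{2}", "dd": r"\d{2}",
          "HH": r"\d{2}", "mm": r"\d{2}", "ss": r"\d{2}", "SSS": r"\d{3}"}
TOKEN_RE = re.compile(r"'([^']*)'|(yyyy|SSS|MM|dd|HH|mm|ss)|(.)")

def unknown_create_index_keys(body):
    """Keys that would trigger 'unknown key [...] for create index'."""
    return sorted(k for k in body if k not in CREATE_INDEX_KEYS)

def pattern_to_parts(fmt):
    """Split one date pattern into regex fragments, one per token."""
    parts = []
    for literal, token, other in TOKEN_RE.findall(fmt):
        if token:
            parts.append(TOKENS[token])
        elif other.isalpha():
            raise ValueError(f"unsupported pattern letter {other!r}")
        else:
            # Either a plain separator or the text inside '...' quotes.
            parts.append(re.escape(other or literal))
    return parts

def first_error(value, fmt):
    """Index where value stops matching fmt, or None if it matches fully."""
    pos = 0
    for part in pattern_to_parts(fmt):
        m = re.compile(part).match(value, pos)
        if not m:
            return pos
        pos = m.end()
    return None if pos == len(value) else pos

def check(value, mapping_format):
    """Return (ok, {pattern: failing index}) for a '||'-separated format."""
    errors = {f: first_error(value, f) for f in mapping_format.split("||")}
    return any(e is None for e in errors.values()), errors

if __name__ == "__main__":
    sample = "2012-03-16 20:30:00.060"  # value from the error in the thread
    print(unknown_create_index_keys({"ipflow-logs": {"mappings": {}}}))
    print(check(sample, "yyyy-MM-dd 'T' HH:mm:ss.SSS"))
    print(check(sample, "yyyy-MM-dd 'T' HH:mm:ss.SSS||yyyy-MM-dd HH:mm:ss.SSS"))
```

Running a handful of source-index timestamps through `check` before a reindex shows whether the destination mapping will reject them, without waiting for the `failures` array.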
