Watch-history fieldname error

Ryan_Grannell · January 31, 2017, 12:45pm

Version: v2.4.3

Hi,

I'm currently running into a problem where the watch-history record for a particular watcher isn't index due complains about the fieldname ctx.payload.hits.total:

[2017-01-31 11:33:51,687][ERROR][watcher.execution ] failed to update watch record     [recovery_ceased_log_source_***_dev_wa_userapi_cus_1689-2017-01-31T11:33:51.268Z]     MapperParsingException[Field name [ctx.payload.hits.total] cannot contain '.']

This is unfortunate, as I need my watch-history-* indices to contain 100% accurate data. I have a series of "recovery" watchers that read through the execution history, and send a 'recovered' message when things are back to normal (e.g excess disk usage watcher stopped triggering)

Is there any easy way to fix this?

The watcher that triggered this error is included below. It is a chained-input watcher that checks:

did the ceased_log_source watcher execute?
did the ceased_log_source watcher "recover"?
did this watcher trigger?
- if so, don't pass this watcher's condition
otherwise, was the input-order the order executed -> recovered?
- if so, trigger this watcher

pastebin.com

http://pastebin.com/raw/UTT1iQFX

    {
      "found": true,
      "_id": "recovery_ceased_log_source_***_dev_wa_userapi_cus",
      "_status": {
        "version": 16,
        "state": {
          "active": true,
          "timestamp": "2017-01-25T14:44:39.121Z"
        },
        "last_checked": "2017-01-31T12:08:51.266Z",

This paste has been truncated. show original

spinscale · January 31, 2017, 1:11pm

Hey,

can you paste the output of an _execute run, so that we can see the output that is supposed to be stored in the watch history?

--Alex

Ryan_Grannell · January 31, 2017, 2:24pm

Hi Alex,

Sure; here's

pastebin.com

http://pastebin.com/raw/XT2Ve7KL

{
  "_id": "recovery_ceased_log_source_***_dev_wa_userapi_cus_6-2017-01-31T13:56:35.512Z",
  "watch_record": {
    "watch_id": "recovery_ceased_log_source_***_dev_wa_userapi_cus",
    "state": "execution_not_needed",
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-01-31T13:56:35.480Z",
      "manual": {
        "schedule": {

This paste has been truncated. show original

and with "ignore-condition": true

pastebin.com

http://pastebin.com/raw/SpRZAuYz

{
  "_id": "recovery_ceased_log_source_***_dev_wa_userapi_cus_14-2017-01-31T14:22:07.011Z",
  "watch_record": {
    "watch_id": "recovery_ceased_log_source_***_dev_wa_userapi_cus",
    "state": "executed",
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-01-31T14:22:07.011Z",
      "manual": {
        "schedule": {

This paste has been truncated. show original

spinscale · January 31, 2017, 4:28pm

Hey,

After a quick glance I think there is an issue with the mapping of chained inputs, where fields are accidentally mapped that should not be... will keep you posted

--Alex

spinscale · January 31, 2017, 5:11pm

Hey,

so the the default setup looks ok to me (tested with a fresh installation, no old data). Can you show me

The output of GET /_template/watch_history
The output of a mapping of the affected watch history index

Thanks!

--Alex

Ryan_Grannell · January 31, 2017, 5:20pm

Sure;

Just for clarity, I used today's mapping since that's when the error I provided occurred ( 2017-01-31 11:33:51,687 )

spinscale · February 1, 2017, 7:57am

Hey,

it looks as if you are using an old watcher history template can you run

DELETE _template/watch_history
# wait a moment and the new template should be added
GET _template/watch_history

The new template should have a different path_math value for the disabled_payload_fields in the dynamic templates.

P.S. This also means, that the new template is only applied the next day, unless you delete todays watch history.

--Alex

Ryan_Grannell · February 1, 2017, 4:50pm

Thanks a million for helping. I recreated the template as described, I'll comment here tomorrow letting you know if this resolved the problem

Edit: or tomorrow, as my cluster went into a red-state today & needed to be restored, ...

Ryan_Grannell · February 3, 2017, 10:39am

Thanks, that worked perfectly

system · March 3, 2017, 10:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.