0

I am getting this error "No mapping found for [@timestamp] in order to sort logstash"

My conf file

input { elasticsearch {
 
 hosts => ["localhost"]
 index => "employees_data"
 query => '{ "query": { "match_all": { } } }'
 scroll => "5m"
 docinfo => true}}filter {elasticsearch {
 hosts => ["localhost"]
 index => "transaction_data"
 query => "code:1"
 fields => { 
             "code"=>"Code"
             "payment" => "Payment"
             "moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}
user223321
  • 155
  • 1
  • 15

1 Answers1

1

This is because of the sort parameter of the elasticsearch filter plugin. If unspecified, it defaults to @timestamp:desc and you probably don't have that field.

Just make the following change and you should be good to go:

filter {
    elasticsearch {
        hosts => ["localhost"]
        index => "transaction_data"
        query => "code:1"
        sort => "code:asc"                   <--- add this line
        fields => {
            "code"=>"Code"
            "payment" => "Payment"
            "moth"=>"Month"
        }
    }
}
Val
  • 207,596
  • 13
  • 358
  • 360
  • i've two records in transaction_data but it is getting the latest one .how to get both records – user223321 Sep 25 '20 at 12:54
  • 1
    You can add `result_size => 2` as well, as the default value is 1 – Val Sep 25 '20 at 12:56
  • is there any way to set in infinite or something – user223321 Sep 25 '20 at 12:57
  • 1
    You can set to any number up to 10000, the default value that can be changed if necessary, but I don't see the reason in your case – Val Sep 25 '20 at 13:07
  • is there any way to filter only one index just like in employees_data i want to filter out records from city like city :mumbai – user223321 Sep 28 '20 at 07:06
  • Please ask a new question as this one is closed and your new question is pretty much unrelated to this one. – Val Sep 28 '20 at 07:07
  • Please help https://stackoverflow.com/questions/64221149/is-there-any-way-to-flatten-json-data-in-logstash – user223321 Oct 06 '20 at 08:03