Hi all, I get MapperParsingException "failed to parse" in 0.90.10:

[2014-02-11 16:05:09,402][DEBUG][action.bulk ] [Thunderbolt] [logstash-2014.02.11][4] failed to execute bulk item (index) index {[logstash-2014.02.11][suricata][deuCC2bkRvehNSA62tuuHw], source[{"tags":["suricata"],"@version":1,"@timestamp":"2014-02-11T16:05:07.540+01:00","host":"ipd1.felten-group.com","file":{"filename":"/SpamResolverNG/SpamResolverNG.dll","magic":"data","state":"CLOSED","stored":false,"size":115},"message":"{\"time\":\"02\\/11\\/2014-15:05:07.540410\",\"event_type\":\"file\",\"src_ip\":\"84.39.152.31\",\"src_port\":80,\"dest_ip\":\"192.168.100.120\",\"dest_port\":3255,\"proto\":\"TCP\",\"http\":{\"url\":\"\\/SpamResolverNG\\/SpamResolverNG.dll?DoNewRequest\",\"hostname\":\"resolver1.altn.ctmail.com\",\"http_refer\":\"<unknown>\",\"http_user_agent\":\"Mozilla\\/4.0 (compatible; Win32; Commtouch Http Client)\"},\"file\":{\"filename\":\"\\/SpamResolverNG\\/SpamResolverNG.dll\",\"magic\":\"data\",\"state\":\"CLOSED\",\"stored\":false,\"size\":115}}","type":"suricata","received_at":"2014-02-11 16:05:07 +0100","event_type":"file","src_ip":"84.39.152.31","src_port":80,"proto":"TCP","http":{"url":"/SpamResolverNG/SpamResolverNG.dll?DoNewRequest","hostname":"resolver1.altn.ctmail.com","http_refer":"<unknown>","http_user_agent":"Mozilla/4.0 (compatible; Win32; Commtouch Http Client)"},"dst_ip":"192.168.100.120","dst_port":3255,"geoip":{"ip":"84.39.152.31","country_code2":"DE","country_code3":"DEU","country_name":"Germany","continent_code":"EU","latitude":51.0,"longitude":9.0,"timezone":"Europe/Berlin","location":[9.0,51.0]}}]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [file]
    at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:416)
    at org.elasticsearch.index.mapper.multifield.MultiFieldMapper.parse(MultiFieldMapper.java:204)
    at org.elasticsearch.index.mapper.object.ObjectMapper.serializeObject(ObjectMapper.java:514)
    at org.elasticsearch.index.mapper.object.ObjectMapper.parse(ObjectMapper.java:456)
    at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:516)
    at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:460)
    at org.elasticsearch.index.shard.service.InternalIndexShard.prepareCreate(InternalIndexShard.java:353)
    at org.elasticsearch.action.bulk.TransportShardBulkAction.shardIndexOperation(TransportShardBulkAction.java:402)
    at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:156)
    at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$AsyncShardOperationAction.performOnPrimary(TransportShardReplicationOperationAction.java:556)
    at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$AsyncShardOperationAction$1.run(TransportShardReplicationOperationAction.java:426)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:701)
Caused by: org.elasticsearch.ElasticSearchIllegalArgumentException: unknown property [filename]
    at org.elasticsearch.index.mapper.core.StringFieldMapper.parseCreateFieldForString(StringFieldMapper.java:310)
    at org.elasticsearch.index.mapper.core.StringFieldMapper.parseCreateField(StringFieldMapper.java:261)
    at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:405)

And this is my mapping:

{
  "template" : "logstash-*",
  "settings" : {
    "index.refresh_interval" : "5s",
    "analysis" : {
      "analyzer" : {
        "default" : {
          "type" : "standard",
          "stopwords" : "_none_"
        }
      }
    }
  },
  "mappings" : {
    "_default_" : {
      "_all" : {"enabled" : true},
      "dynamic_templates" : [ {
        "string_fields" : {
          "match" : "*",
          "match_mapping_type" : "string",
          "mapping" : {
            "type" : "multi_field",
            "fields" : {
              "{name}" : {"type": "string", "index" : "analyzed", "omit_norms" : true },
              "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
            }
          }
        }
      } ],
      "properties" : {
        "@version": { "type": "string", "index": "not_analyzed" },
        "ipver":{"type":"long"},
        "protocol":{"type":"long"},
        "size":{"type":"long"},
        "sp":{"type":"long"},
        "stored":{"type":"boolean"},
        "@timestamp":{"type":"date", "format":"dateOptionalTime"},
        "dp":{"type":"long"},
        "rcvd":{"type":"long"},
        "sent":{"type":"long"},
        "sid":{"type":"long"},
        "policy_id":{"type":"long"},
        "size":{"type":"long"},
        "ids_priority":{"type":"long"},
        "duration":{"type":"long"},
        "src_port":{"type":"long"},
        "src_xlated_port":{"type": "long"},
        "dst_port":{"type":"long"},
        "dst_xlated_port":{"type": "long"},
        "TTL":{"type":"long"},
        "geoip" : {
          "type" : "object",
          "dynamic": true,
          "path": "full",
          "properties" : {
            "location" : { "type" : "geo_point" }
          }
        }
      }
    }
  }
}

Any idea? Thanks for any help here.

Stefan