Query or Index problem, please help
I use elasticsearch-head. The query is { query: { term: { nonsense:nonsense } } }. The result does not care about the field and value I search for; it always gives the entire index:

    {
      "took": 2,
      "timed_out": false,
      "_shards": { "total": 5, "successful": 5, "failed": 0 },
      "hits": {
        "total": 10,
        "max_score": 1,
        "hits": [
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "SMUgTGR9R-2SVaL1GTeX9A",
            "_score": 1,
            "_source": {
              "message": "..",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.797Z",
              "host": "dfwlndsrch-01.supermedia.com",
              "kw": "area a realty",
              "town": "South Bend",
              "state": "IN",
              "ip": "198.64.136.68",
              "src": "ve-whitepages-dt"
            }
          },
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "yWR6DC9sQ2yAqxG9FJXauw",
            "_score": 1,
            "_source": {
              "message": "...",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.797Z",
              "host": "dfwlndsrch-01.supermedia.com",
              "kw": "Doors",
              "town": "Chicago",
              "state": "IL",
              "ip": "98.213.210.163",
              "src": "lsxppc21611"
            }
          },
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "Z_e-DQQkSv2ON1ar1WooSQ",
            "_score": 1,
            "_source": {
              "message": "",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.797Z",
              "host": "dfwlndsrch-01.supermedia.com",
              "kw": "home improvement",
              "town": "Clarkston",
              "state": "GA",
              "ip": "172.56.1.181",
              "src": "lsxppc19735"
            }
          },
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "SibOPwAASPOuod5xRB5LLg",
            "_score": 1,
            "_source": {
              "message": "..",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.796Z",
              "host": "dfwlndsrch-01.supermedia.com",
              "kw": "Ready Mix Concrete",
              "town": "Zephyrhills",
              "state": "FL",
              "ip": "63.251.207.54",
              "src": "comlocal5"
            }
          }
        ]
      }
    }

-- 
You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b1579846-cc31-4772-9cd2-4e7c0019%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Query or Index problem, please help
Using elasticsearch-head I run the query { query: { term: { NONSENSE:NONSENSE } } }. The result shows the entire set no matter what I type in the term:

    {
      "took": 2,
      "timed_out": false,
      "_shards": { "total": 5, "successful": 5, "failed": 0 },
      "hits": {
        "total": 10,
        "max_score": 1,
        "hits": [
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "SMUgTGR9R-2SVaL1GTeX9A",
            "_score": 1,
            "_source": {
              "message": "..",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.797Z",
              "host": ".",
              "kw": "area a realty",
              "town": "South Bend",
              "state": "IN",
              "ip": "198.64.136.68",
              "src": "ve-whitepages-dt"
            }
          },
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "yWR6DC9sQ2yAqxG9FJXauw",
            "_score": 1,
            "_source": {
              "message": "..",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.797Z",
              "host": "...",
              "kw": "Doors",
              "town": "Chicago",
              "state": "IL",
              "ip": "98.213.210.163",
              "src": "lsxppc21611"
            }
          },
          {
            "_index": "logstash-2014.08.18",
            "_type": "logs",
            "_id": "Z_e-DQQkSv2ON1ar1WooSQ",
            "_score": 1,
            "_source": {
              "message": "...",
              "@version": 1,
              "@timestamp": "2014-08-18T16:16:48.797Z",
              "host": "...",
              "kw": "home improvement",
              "town": "Clarkston",
              "state": "GA",
              "ip": "172.56.1.181",
              "src": "lsxppc19735"
            }
          }
        ]
      }
    }
Re: Query or Index problem, please help
David, my question is what I am doing wrong. Also, when I do the URI search http://server:9200/_search?q=state:IN I am getting 0 results:

    {"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

What could I be doing wrong?

On Tuesday, August 19, 2014 9:20:43 AM UTC-4, David Pilato wrote:

    I don't really understand the question, but I'd say that you should use Marvel / Sense. It has better support for running queries.

    -- 
    David Pilato | Technical Advocate | Elasticsearch.com
    @dadoonet https://twitter.com/dadoonet | @elasticsearchfr https://twitter.com/elasticsearchfr

    On 19 August 2014 at 15:10:25, vitaly (vitaly@gmail.com) wrote:

        Using elasticsearch-head I run the query { query: { term: { NONSENSE:NONSENSE } } }. The result shows the entire set no matter what I type in the term: [...]
Re: Query or Index problem, please help
David, my index was created using logstash with a grok filter (see below), using our logs as a stream on stdin. I showed the index in my first message. When I try to search on fields (no matter which field) the result is

    {"took":2,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}

Please let me know what information is missing, and I will provide it. The filter I use when creating the index:

    # The `=>` arrows and the `&` separators in the patterns are reconstructed;
    # the mailing-list archive stripped those characters.
    filter {
      grok {
        match => [ "message", "(?:\?|\&)C\=%{DATA:kw}\&%{DATA}\sT\s%{DATA:town}\sS\s%{WORD:state}\s%{DATA}%{IP:ip}" ]
      }
      grok {
        match => [ "message", "(?:\?|\&)SRC\=%{DATA:src}(?:\&|$)" ]
      }
    }
    output {
      elasticsearch { host => "localhost" }
      stdout { codec => rubydebug }
    }

On Tuesday, August 19, 2014 9:43:23 AM UTC-4, David Pilato wrote:

    Have a look at http://www.elasticsearch.org/help/
    We can probably help you if we understand what exactly you are doing.
    "IN" could be an English stop word, BTW (which is filtered by the standard analyzer on some elasticsearch versions).

    -- 
    David Pilato | Technical Advocate | Elasticsearch.com
    @dadoonet https://twitter.com/dadoonet | @elasticsearchfr https://twitter.com/elasticsearchfr

    On 19 August 2014 at 15:40:20, vitaly (vitaly@gmail.com) wrote:

        David, my question is what I am doing wrong. Also, when I do the URI search http://server:9200/_search?q=state:IN I am getting 0 results: [...]
Re: Query or Index problem, please help
Aleks, none of the queries work.

On Tuesday, August 19, 2014 11:12:03 AM UTC-4, Aleks wrote:

    Hi Vitaly,
    Try making the request with a lower-case "in":
    http://server:9200/_search?q=state:in
    Aleks

    On Tuesday, August 19, 2014 3:40:13 PM UTC+2, vitaly wrote:

        David, my question is what I am doing wrong. Also, when I do the URI search http://server:9200/_search?q=state:IN I am getting 0 results: [...]
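The thread turns on how the indexed text and the query text are analyzed, which David and Aleks each touch on. The following is an added example, not code from the thread or from Elasticsearch: a toy analyzer and inverted index built from three of the documents shown in the post. It models the behaviour they describe: the standard analyzer lowercases what it indexes (and on some versions drops English stop words such as "in"), a term query looks up its value verbatim without analysis, a query_string search (what ?q=state:IN runs) analyzes the query text first, and a not_analyzed .raw subfield keeps the original value. Assumptions, all labelled in the code: the analyzer only approximates Lucene, the stop-word list is a small subset, and the .raw subfield mirrors the logstash index template.

```python
import re

# Documents constructed from the _source values shown in the post (three of the hits).
DOCS = [
    {"kw": "area a realty", "town": "South Bend", "state": "IN"},
    {"kw": "Doors", "town": "Chicago", "state": "IL"},
    {"kw": "home improvement", "town": "Clarkston", "state": "GA"},
]

# A handful of English stop words; Lucene's list is longer (assumption: subset only).
ENGLISH_STOPWORDS = frozenset({"a", "an", "and", "in", "of", "on", "the", "to"})


def standard_analyzer(text, stopwords=frozenset()):
    """Approximation of the standard analyzer: split on non-word characters,
    lowercase, optionally drop stop words (the older-version behaviour David
    mentions). This approximates Lucene; it does not reproduce it."""
    tokens = [t.lower() for t in re.findall(r"\w+", text)]
    return [t for t in tokens if t not in stopwords]


def build_index(docs, stopwords=frozenset()):
    """Inverted index: field -> term -> set of doc ids.

    Each string field is indexed twice: analyzed under its own name and
    verbatim under `<field>.raw`, mirroring the not_analyzed .raw subfield the
    logstash index template adds (assumption: that template is in use).
    """
    index = {}
    for doc_id, doc in enumerate(docs):
        for field, value in doc.items():
            for term in standard_analyzer(value, stopwords):
                index.setdefault(field, {}).setdefault(term, set()).add(doc_id)
            index.setdefault(field + ".raw", {}).setdefault(value, set()).add(doc_id)
    return index


def term_query(index, field, value):
    """term query: exact lookup in the inverted index. The value is NOT analyzed,
    so "IN" never matches the lowercased token "in" stored for an analyzed field."""
    return index.get(field, {}).get(value, set())


def query_string(index, field, text, stopwords=frozenset()):
    """query_string (what ?q=field:text runs): the query text IS passed through
    the field's analyzer first, then the resulting terms are OR-ed together."""
    hits = set()
    for term in standard_analyzer(text, stopwords):
        hits |= term_query(index, field, term)
    return hits


if __name__ == "__main__":
    idx = build_index(DOCS)
    print("term state:IN        ->", term_query(idx, "state", "IN"))       # set()
    print("term state:in        ->", term_query(idx, "state", "in"))       # {0}
    print("q=state:IN           ->", query_string(idx, "state", "IN"))     # {0}
    print("term state.raw:IN    ->", term_query(idx, "state.raw", "IN"))   # {0}
    # Same index built with a stop-word filter: "in" vanishes from both sides.
    stop_idx = build_index(DOCS, ENGLISH_STOPWORDS)
    print("q=state:IN (stop)    ->", query_string(stop_idx, "state", "IN", ENGLISH_STOPWORDS))  # set()
    print("term state.raw:IN    ->", term_query(stop_idx, "state.raw", "IN"))  # {0}
```

The .raw lookup is the one that survives every variation, which is why a keyword-like field such as a state code is normally queried through its not_analyzed form rather than through the analyzed text field.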
cluster health, status yellow
This is my health query and its result:

    http://host:9200/_cluster/health?pretty=true

    {
      "cluster_name" : "elasticsearch",
      "status" : "yellow",
      "timed_out" : false,
      "number_of_nodes" : 1,
      "number_of_data_nodes" : 1,
      "active_primary_shards" : 10,
      "active_shards" : 10,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 10
    }

Does it show any issue? What is this "yellow"? What is the meaning of "unassigned_shards" : 10?
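An added example, not part of the post: a small check that interprets the health response above. It assumes every index is configured with the default of one replica per primary (the health response does not say how many replicas are configured, so `replicas` is a parameter). A replica is never allocated on the node that holds its primary, so on a single data node every replica stays unassigned; that is what status yellow with unassigned_shards equal to active_primary_shards means, and the function derives it rather than hard-coding it.

```python
HEALTH = {  # the _cluster/health response from the post
    "cluster_name": "elasticsearch", "status": "yellow", "timed_out": False,
    "number_of_nodes": 1, "number_of_data_nodes": 1,
    "active_primary_shards": 10, "active_shards": 10,
    "relocating_shards": 0, "initializing_shards": 0, "unassigned_shards": 10,
}


def diagnose_health(health, replicas=1):
    """Interpret a _cluster/health response.

    Assumption: every index is configured with `replicas` replica copies of
    each primary shard (the default is 1); the response does not carry this.
    A replica is never placed on the node holding its primary, so with N data
    nodes at most N-1 replicas of any shard can be allocated.
    """
    status = health["status"]
    primaries = health["active_primary_shards"]
    nodes = health["number_of_data_nodes"]
    placeable = max(0, min(replicas, nodes - 1))        # replicas that fit per primary
    expected_unassigned = primaries * (replicas - placeable)
    return {
        "status": status,
        # green and yellow both mean every primary is active; red means data is missing
        "all_primaries_active": status in ("green", "yellow"),
        # yellow: only replica copies are missing, so searches and indexing keep working
        "replicas_missing": status == "yellow",
        "expected_unassigned": expected_unassigned,
        # True when the unassigned count is fully explained by too few nodes
        "explained_by_node_count": health["unassigned_shards"] == expected_unassigned,
        "nodes_needed_for_green": replicas + 1,
    }


if __name__ == "__main__":
    for key, value in diagnose_health(HEALTH).items():
        print(f"{key:26} {value}")
```

Run against the response in the post it reports ten expected unassigned shards on one node, so the yellow status is explained entirely by the node count; a second data node (or replicas set to 0 on a deliberately single-node cluster) is what turns it green.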
indexing problem when using logstash
I am using the following config file:

    # The `=>` arrows and the `&` separators in the patterns are reconstructed;
    # the mailing-list archive stripped those characters.
    filter {
      grok {
        match => [ "message", "(?:\?|\&)C\=%{DATA:kw}\&%{DATA}\sT\s%{DATA:town}\sS\s%{WORD:state}\s%{DATA}%{IP:ip}" ]
      }
      grok {
        match => [ "message", "(?:\?|\&)SRC\=%{DATA:src}(?:\&|$)" ]
      }
    }
    output {
      elasticsearch { host => "localhost" }
      stdout { codec => rubydebug }
    }

And I thought kw, town, state, etc. would be fields in Elasticsearch. But trying

    http://localhost:9200/_search?q=town:* AND state:*

I am getting

    {"took":5,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}
Re: help with a grok filter
On Monday, August 18, 2014 9:57:41 AM UTC-4, Kevin M wrote:

    Could someone help me write a grok filter for this log real quick? Here is what the log looks like:

        Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username [18/Aug/2014:09:40:39 -0400] GET /right.cgi?open=systemopen=status HTTP/1.1 200 3228

    Here is what I have so far (the `=>` is reconstructed; the archive stripped it):

        match => [ "message", "%{SYSLOGTIMESTAMP:timestamp} %{WORD:Server} webmin_log: %{IP:IP_Address} - %{USERNAME:username} [ stuck at this middle part [18/Aug/2014:09:40:39 -0400] ] %{WORD:method} %{URIPATHPARAM:request} HTTP/1.1 %{NUMBER:bytes} %{NUMBER:duration}" ]

It is just a sequence of regular expressions catching fields one by one. Look, e.g., at my post.
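Both grok questions on this page (the C=/T/S/SRC patterns in the logstash config above and Kevin's webmin line) come down to the same mechanism: each %{NAME:field} is a named regular expression, and the whole pattern is those expressions glued together. The following is an added example, not code from the thread or from Logstash: a minimal grok-to-regex compiler in Python that expands a pattern and applies it to the webmin line from the post. The PATTERNS table holds simplified stand-ins for the Logstash definitions (it approximates them, it does not reproduce the real grok library); HTTPDATE is the standard grok name for the bracketed [18/Aug/2014:09:40:39 -0400] part that Kevin was stuck on. The field names client_ip, request_time, status and bytes are my choices, on the usual access-log convention that the two trailing numbers are the HTTP status and the byte count. parse_webmin returns None where Logstash would tag the event _grokparsefailure.

```python
import re

# Simplified stand-ins for the Logstash grok pattern library (assumption: these
# approximate the real definitions and are only as strict as this example needs).
PATTERNS = {
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0?[1-9]|[12][0-9]|3[01])",
    "YEAR": r"(?:\d\d){1,2}",
    "TIME": r"(?:[01]?\d|2[0-3]):[0-5]\d:[0-5]\d",
    "INT": r"[+-]?\d+",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "WORD": r"\b\w+\b",
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "URIPATHPARAM": r"/[^\s?]*(?:\?\S*)?",
    # Composite patterns reference other patterns, exactly as grok does.
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "HTTPDATE": r"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}",
}

_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")   # %{NAME} or %{NAME:field}


def compile_grok(pattern):
    """Expand %{NAME:field} references (recursively) into a compiled regex.
    A reference with a field name becomes a named capture group; one without
    becomes a non-capturing group, so it matches but yields no field."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = _REF.sub(expand, PATTERNS[name])          # nested references
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(_REF.sub(expand, pattern))


# Kevin's line, with the bracketed date handled by \[%{HTTPDATE:...}\].
WEBMIN_LOG = (
    r"%{SYSLOGTIMESTAMP:timestamp} %{WORD:server} webmin_log: %{IP:client_ip} - "
    r"%{USERNAME:username} \[%{HTTPDATE:request_time}\] %{WORD:method} "
    r"%{URIPATHPARAM:request} HTTP/%{NUMBER:http_version} %{NUMBER:status} %{NUMBER:bytes}"
)
WEBMIN_RE = compile_grok(WEBMIN_LOG)


def parse_webmin(line):
    """Return the captured fields for one log line, or None when it does not
    match (Logstash would tag such an event _grokparsefailure)."""
    m = WEBMIN_RE.fullmatch(line)
    return m.groupdict() if m else None


# The line from the post, and a constructed non-webmin syslog line for the failure case.
SAMPLE_LINE = ("Aug 18 09:40:39 server01 webmin_log: 172.16.16.96 - username "
               "[18/Aug/2014:09:40:39 -0400] GET /right.cgi?open=systemopen=status HTTP/1.1 200 3228")
OTHER_LINE = "Aug 18 09:41:02 server01 sshd[2211]: Accepted publickey for username from 172.16.16.96"

if __name__ == "__main__":
    for key, value in parse_webmin(SAMPLE_LINE).items():
        print(f"{key:14} {value}")
    print("other line ->", parse_webmin(OTHER_LINE))   # None
```

Building the pattern one %{...} at a time and checking that each prefix still matches is the practical way to find the piece that breaks; here the only non-obvious piece is escaping the literal brackets around HTTPDATE.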
Constant re-syncing of mapping, ES 1.3.1
Hi, on my master node I constantly see the following messages in the logs:

    [2014-08-05 12:06:27,763][WARN ][cluster.metadata ] [ark.com. 01.ark74] [ark-profiles-2014-07-09] re-syncing mappings with cluster state for types [[profiles_v1]]
    [2014-08-05 12:06:27,783][WARN ][cluster.metadata ] [ark.com. 01.ark74] [ark-profiles-2014-08-01] re-syncing mappings with cluster state for types [[profiles_v1]]
    [2014-08-05 12:06:28,097][WARN ][cluster.metadata ] [ark.com. 01.ark74] [ark-profiles-2014-07-09] re-syncing mappings with cluster state for types [[profiles_v1]]
    [2014-08-05 12:06:28,118][WARN ][cluster.metadata ] [ark.com. 01.ark74] [ark-profiles-2014-08-01] re-syncing mappings with cluster state for types [[profiles_v1]]

Any idea why this is happening?