我正在尝试使用kibana更新elasticsearch中文档中字段的值。但是,我收到一条错误消息,这是我的查询:
POST /index/vzxk7HQBdfw0RPwEar9k/_update
{
"doc" : {
"tags" : "test tags"
}
}
弹性体返回的错误:
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "field [host] not present as part of path [host.name]"
}
],
"type" : "illegal_argument_exception",
"reason" : "field [host] not present as part of path [host.name]"
},
"status" : 400
其中vzxk7hqbdfw0rpwear9k是文档id。这是文档:
{
"_index" : "index-2020.10.03-000001",
"_type" : "_doc",
"_id" : "vzxk7HQBdfw0RPwEar9k",
"_score" : 1.0,
"_source" : {
"agent" : {
"id" : "2",
"type" : "soft",
"version" : "1.0"
},
"@timestamp" : "2020-10-02T20:43:44.3670000+00:00",
"ecs" : {
"version" : "1.5.0"
},
"organization" : {
"name" : "org",
"id" : "1"
},
"host" : {
"hostname" : "PSFT-WINPPMISQL",
"name" : "PSFT-WINPPMISQL",
"type" : "system"
}
}
}
我不确定这是否与错误有关,但这是我的扩展策略:
{
"policies" : [
{
"config" : {
"match" : {
"name" : "index",
"indices" : [
"index"
],
"match_field" : "host.name",
"enrich_fields" : [
"tags",
"labels"
]
}
}
}
]
}
以及摄入管道:
{
"index" : {
"description" : "index",
"processors" : [
{
"enrich" : {
"field" : "host.name",
"policy_name" : "index",
"target_field" : "host.name"
}
}
]
}
}
我还尝试添加一个虚拟字段,但没有效果(我不确定这是否也相关):
POST index/_update/vzxk7HQBdfw0RPwEar9k {
"doc": {
"dummyfield": "new_name" }
}
返回错误:
"error" : {
"root_cause" : [
{
"type" : "mapper_parsing_exception",
"reason" : "failed to parse field [host.name] of type [text] in document with id 'vzxk7HQBdfw0RPwEar9k'. Preview of field's value: '{host={name=PSFT-WINPPMISQL}}'"
}
],
"type" : "mapper_parsing_exception",
"reason" : "failed to parse field [host.name] of type [text] in document with id 'vzxk7HQBdfw0RPwEar9k'. Preview of field's value: '{host={name=PSFT-WINPPMISQL}}'",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "Can't get text on a START_OBJECT at 1:243"
}
},
暂无答案!
目前还没有任何答案,快来回答吧!