Hi There, This is the query the histogram is trying to run.
curl -XGET 'http://log-analysis.channel4.com:/logstash-2013.12.12,logstash-2013.12.11,logstash-2013.12.10,logstash-2013.12.09,logstash-2013.12.08,logstash-2013.12.07,logstash-2013.12.06,logstash-2013.12.05,logstash-2013.12.04,logstash-2013.12.03,logstash-2013.12.02,logstash-2013.12.01,logstash-2013.11.30,logstash-2013.11.29,logstash-2013.11.28,logstash-2013.11.27,logstash-2013.11.26,logstash-2013.11.25,logstash-2013.11.24,logstash-2013.11.23,logstash-2013.11.22,logstash-2013.11.21,logstash-2013.11.20,logstash-2013.11.19,logstash-2013.11.18/_search?pretty' -d '{ "facets": { "0": { "date_histogram": { "key_field": "@timestamp", "value_field": "sc-bytes", "interval": "12h" }, "global": true, "facet_filter": { "fquery": { "query": { "filtered": { "query": { "query_string": { "query": "sc-bytes:*" } }, "filter": { "bool": { "must": [ { "fquery": { "query": { "field": { "type": { "query": "cloudfront" } } }, "_cache": true } }, { "fquery": { "query": { "field": { "PLATFORM": { "query": "\"test_system\"" } } }, "_cache": true } }, { "range": { "@timestamp": { "from": 1384772438978, "to": "now" } } }, { "fquery": { "query": { "field": { "cs-uri-stem": { "query": "*tt*" } } }, "_cache": true } } ] } } } } } } } }, "size": 0 }' On Wednesday, 18 December 2013 10:46:48 UTC, Johnathan Phan wrote: > > Hi everyone, > > I have a set of logs in ES from cloudfront. I have a field called > sc-bytes, I want the total from the btyes for a specific subset of data I > filter. I have tried the following. > > Adding a histogram, setting "Chart Value" to "Total". Then setting the > "Value field" to "sc-bytes". > > I get the following exception. > > ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData > > cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData] > > I have doubel checked this as logstash is setting the value to Number for > the field sc-bytes. Does anyone know what is wrong here? > > Regards > > John > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d9772acc-5ee5-4479-a889-9d80c824f4ca%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
