Ok
I have a template...
*{*
* "template" : "logstash*",*
* "settings" : {*
* "index.store.compress.stored" : "true",*
* "index.cache.field.type" : "soft",*
* "index.query.default_field" : "@message",*
* },*
* "mappings" : {*
* "_default_" : {*
* "_all" : {"enabled" : false},*
* "_source": { "compress": true },*
* "properties" : {*
* "@fields" : {*
* "type" : "object",*
* "dynamic": true,*
* "path": "full",*
* "properties" : {*
* "errnum" : { "type":
"integer"}*
* }*
* },*
* "@message": { "type": "string", "index":
"analyzed" },*
* "@source": { "type": "string", "index":
"not_analyzed" },*
* "@source_host": { "type": "string",
"index": "not_analyzed" },*
* "@source_path": { "type": "string",
"index": "not_analyzed" },*
* "@tags": { "type": "string", "index":
"not_analyzed" },*
* "@timestamp": { "type": "date", "index":
"not_analyzed" },*
* "@type": { "type": "string", "index":
"not_analyzed" }*
* }*
* }*
* }*
*}*
Without template works, but I don't know why.
On Sunday, March 30, 2014 5:17:57 PM UTC+2, Israel Calvete wrote:
>
> I'm using ES 1.1.0.
>
> Index has been created with fluentd (plugin fluent-plugin-elasticsearch
> version 0.3.0) with directive *logstash_forma*t directive with value *true
> *to be compatible with logstash.
>
> Kibana don't show records.
>
> With tcpump I can see requests/responses flow. All seems good but this
> request don't get records.
>
> *POST /logstash-2014.03.29/_search HTTP/1.1*
>
>
> *{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1396103643779,"to":"now"}}}]}}}},"highlight":{"fields":{},"fragment_size":2147483647,"pre_tags":["@start-highlight@"],"post_tags":["@end-highlight@"]},"size":500,"sort":[{"@timestamp":{"order":"desc"}},{"@timestamp":{"order":"desc"}}]}*
>
> With this data returns records.
>
>
> *{"highlight":{"fields":{},"fragment_size":2147483647,"pre_tags":["@start-highlight@"],"post_tags":["@end-highlight@"]},"size":500,"sort":[{"@timestamp":{"order":"desc"}},{"@timestamp":{"order":"desc"}}]}*
>
> So the problems seems this.
>
>
> *{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1396103643779,"to":"now"}}}]}}}}}*
>
> In fact, this don't work neither.
>
>
> *{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}*
>
> In both cases response is ...
>
> *{*
> * "took": 5,*
> * "timed_out": false,*
> * "_shards": {*
> * "total": 5,*
> * "successful": 5,*
> * "failed": 0*
> * },*
> * "hits": {*
> * "total": 0,*
> * "max_score": null,*
> * "hits": []*
> * }*
> *}*
>
> If send the POST /logstash-2014.03.29/_search without data ES returns
> records.
>
> What's wrong?
>
> Thanks.
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/40daca97-39d7-4a50-bef8-757f68c14363%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
