Logs: graylog-server log indicates the root cause of the problem - it's a terms aggregation issue.
When the error appears in the UI, the following is logged:

2017-01-31_06:08:41.33295 2017-01-31 17:08:41,328 ERROR: org.graylog2.shared.rest.exceptionmappers.AnyExceptionClassMapper - Unhandled exception in REST resource
2017-01-31_06:08:41.33305 org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed
2017-01-31_06:08:41.33306 at org.elasticsearch.action.search.AbstractSearchAsyncAction.onFirstPhaseResult(AbstractSearchAsyncAction.java:206) ~[graylog.jar:?]
... at at at ...
2017-01-31_06:08:41.33339 at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101]
2017-01-31_06:08:41.33340 Caused by: org.elasticsearch.search.aggregations.AggregationExecutionException: *terms aggregation cannot be applied to field [srcip_geolocation]. It can only be applied to numeric or string fields*.
2017-01-31_06:08:41.33341 at org.elasticsearch.search.aggregations.bucket.terms.TermsAggregatorFactory.doCreateInternal(TermsAggregatorFactory.java:276) ~[graylog.jar:?]
... at at at ...
