読者です 読者をやめる 読者になる 読者になる

Kibana3 + Elasticsearchでエラーが止まらない

kibana3 + Elasticsearchを組んだ際に、若干はまったところのメモ

kibanaを導入して、グラフを作った瞬間ElasticsearchにDEBUGレベルで大量にエラーが吐き出された

[2014-12-18 12:51:06,254][DEBUG][action.search.type       ] [Comet] [kibana-int][4], node[xi8KVRzfQmiJqS9txENE8g], [P], s[STARTED]: Failed to execute [org.elasticsearch.action.search.SearchRequest@7d5de0a6] lastShard [true]
org.elasticsearch.search.SearchParseException: [kibana-int][4]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"facets":{"22":{"date_histogram":{"key_field":"@timestamp","value_field":"count","interval":"30s"},"global":true,"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"status_code:(>=500 AND <600)"}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1418871064739,"to":1418874664739}}}]}}}}}}}},"size":0}]]
	at org.elasticsearch.search.SearchService.parseSource(SearchService.java:660)
	at org.elasticsearch.search.SearchService.createContext(SearchService.java:516)
	at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:488)
	at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:257)
	at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:206)
	at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:203)
	at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:517)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [22]: (key) field [@timestamp] not found
	at org.elasticsearch.search.facet.datehistogram.DateHistogramFacetParser.parse(DateHistogramFacetParser.java:169)
	at org.elasticsearch.search.facet.FacetParseElement.parse(FacetParseElement.java:93)
	at org.elasticsearch.search.SearchService.parseSource(SearchService.java:644)
	... 9 more

kibanaの設定をデフォルトにしておくと、ダッシュボードまで検索対象に含めてしまってエラーになってしまうらしい

curl http://localhost/api/_mapping?pretty
{
  "kibana-int" : {
    "mappings" : {
      "dashboard" : {
        "properties" : {
          "dashboard" : {
            "type" : "string"
          },
          "group" : {
            "type" : "string"
          },
          "title" : {
            "type" : "string"
          },
          "user" : {
            "type" : "string"
          }
        }
      }
    }
  }
}

これの、
f:id:hase-xpw:20141218130650p:plain

この設定を
f:id:hase-xpw:20141218130701p:plain

_allからログのindex名に書き換えればエラーが出なくなる