How to get min value in elasticsearch curl command -

-

i newbie elasticsearch. want min value particular day of log line's field. kibana shows indexed data follows:

@timestamp      2015-07-30t22:22:07.071-07:00  @version        1  type        mtalogs  integerdata     052256894-0400  msgtype     received internet  msgid       qamail-4.02.0220150730080248.ijruj.email-qa-sun26@172.20.1.10  msgsize     5635  path        /opt/user1/log/mta.log  processid       23441  protocol        smtp  rcpts       pd10@myoxdomain.com  sender      pd9@myoxdomain.com  servername      mta  sid     4f9f325e-8decdb12-00003556.1  time        0  tracename       msgtrace

i want min value of msgsize curl coomand.

my curl command follows:

curl -xget 'http://localhost:9200/_all/_search?pretty=true' -d '{     "query" : {         "bool" : {                 "must" : [                         {                         "match" : {                                 "type" : "mtalogs"                         }},                         {                         "match" : {                                 "msgtype" : "received internet"                         }}  ,                         {                         "filtered" : {                         "filter" : {                                 "range" : {                                         "@timestamp" : {                                                 "from" : "2015-07-30t00:00:00",                                                 "to" : "2015-07-30t23:59:59"                                         }                                 }                         }                         }                         }                 ]         }     },     "aggs" : {           "min_size" : {                    "min" : {                           "field" : "msgsize"                     }            }      } }'

but getting exception follows:

 "index" : "logstash-2015.07.30",       "shard" : 4,       "status" : 500,       "reason" : "classcastexception[org.elasticsearch.index.fielddata.plain.pagedbytesindexfielddata cannot cast org.elasticsearch.index.fielddata.indexnumericfielddata]"     } ]   },   "hits" : {     "total" : 0,     "max_score" : null,     "hits" : [ ]   },   "aggregations" : {     "min_size" : {       "value" : null     }   } }

though parsing fields correctly as:

msgsize=%{int:msgsize:int}

can me here, went wrong?

the exception typical of situation documents have been indexed logstash previous configuration msgsize field wasn't mapped int , configuration changed. end documents having msgsize string , others msgsize int, hence exception.

the solution see here, wiping indexes , re-indexing logs latest configuration.


Comments

Post a Comment

Popular posts from this blog

qt - Using float or double for own QML classes -

-
i've created components , helper methods using c++ , qt used in qml gui. of methods calculate gui elements (size, transformations, scene graph items creation). target arm 32 bit using opengl / eglfs render output. opengl using float , qml using real (defined double ). what should use in c++ do not lose precision? if use qreal ( double ) shouldn't lose precision. if git grep float in qtbase.git , can find out bit more: dist/changes-5.2.0-**************************************************************************** dist/changes-5.2.0-* important behavior changes * dist/changes-5.2.0-**************************************************************************** dist/changes-5.2.0- dist/changes-5.2.0- - qt compiled qreal typedef'ed double on dist/changes-5.2.0: platforms. qreal float on arm chipsets before. guarantees more dist/changes-5.2.0- consistent behavior between platforms qt supports, binary dist/chan...
Read more

Create Outlook appointment via C# .Net -

-
i need create outlook appointment using microsoft.office.interop.outlook , while can work locally on own workstation , works if run web application via server's browser, not work when connect server externally. hence, think might permission issue. i changed application pool identity " localsystem " don't access denied error. unfortunately, doesn't work. the app behaves if appointment created, appointment doesn't appear in outlook. here include file on top of aspx.cs page using outlook = microsoft.office.interop.outlook; here code using pop appointment. outlook.application apptapp = new outlook.application(); outlook.appointmentitem appt = apptapp.createitem(outlook.olitemtype.olappointmentitem) outlook.appointmentitem; appt.subject = txtfirstname.text + " " + txtlastname.text; appt.body = txtcomment.text; appt.alldayevent = false; appt.start = datetime.parse(txtreminderdate.text + " 8:00 am"); appt.end = datetime.p...
Read more

ios - Swift Array Resetting Itself -

-
i have 2 arrays: pointhistory , datehistory . have nstimer , , when timer runs out, action called. in action appending int pointhistory , , current date string datehistory . here timer action: func timeraction() { let steppervalue = int(stepper.value) employee.numberofpoints = steppervalue networking.saveemployee(employee, completion: { (error) -> void in if error != nil { let alert = uialertcontroller(title: "error", message: "there error updating \(self.employee.name)'s points", preferredstyle: .alert) let alertaction = uialertaction(title: "ok", style: .cancel, handler: nil) alert.addaction(alertaction) self.presentviewcontroller(alert, animated: true, completion: nil) } }) var dateformatter = nsdateformatter() dateformatter.dateformat = "mm-dd-yyyy" dateformatter.timezone = nstimezone.localtimezone() var date = nsdate() var ...
Read more