sentinl: MapperParsingException[Field name [...] cannot contain '.'
I am trying to get notifications for “topbeat” metrics. As an example, when percent of disk space used is above threshold.
In short, on watcher save I get the error: MapperParsingException[Field name [fs.used_p] cannot contain '.']
Here’s the details:
The query working in Sense:
GET _search
{
"query": {
"filtered": {
"query": {
"query_string": {
"query": "type: filesystem",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-10m",
"lte": "now"
}
}
},
{
"range": {
"fs.used_p": {
"gte": 0.1
}
}
}
],
"must_not": []
}
}
}
},
"size": 1,
"aggs": {
"device_name": {
"terms": {
"field": "fs.mount_point",
"size": 100
},
"aggs": {
"used_p": {
"avg": {
"field": "fs.used_p"
}
}
}
}
}
}
And here is result from ES:
{
"took": 84,
"timed_out": false,
"_shards": {
"total": 368,
"successful": 368,
"failed": 0
},
"hits": {
"total": 2,
"max_score": 3.1690538,
"hits": [
{
"_index": "topbeat-2016.10.12",
"_type": "filesystem",
"_id": "AVe4XqQQLJiUKvRzXlL2",
"_score": 3.1690538,
"_source": {
"type": "filesystem",
"fs": {
"device_name": "/dev/vda1",
"total": 31570522112,
"used": 4357283840,
"used_p": 0.14,
"free": 27213238272,
"avail": 25585963008,
"files": 1966080,
"free_files": 1820159,
"mount_point": "/"
},
"count": 1,
"beat": {
"hostname": "h2",
"name": "h2"
},
"@timestamp": "2016-10-12T10:09:50.457Z",
"@version": "1",
"host": "h2",
"tags": [
"beats_input_raw_event"
]
}
}
]
},
"aggregations": {
"device_name": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "/",
"doc_count": 2,
"used_p": {
"value": 0.14000000059604645
}
}
]
}
}
}
Now I am trying to save this watcher in KAAE:
{
"_index": "watcher",
"_type": "watch",
"_id": "test",
"_score": 1,
"_source": {
"trigger": {
"schedule": {
"later": "every 10 seconds"
}
},
"input": {
"search": {
"request": {
"index": [
"<topbeat-{now/d}>"
],
"body": {
"query": {
"filtered": {
"query": {
"query_string": {
"query": "type: filesystem",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-10m",
"lte": "now"
}
}
},
{
"range": {
"fs.used_p": {
"gte": 0.1
}
}
}
],
"must_not": []
}
}
}
}
}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total > 0"
}
},
"transform": {},
"actions": {
"email_admin": {
"email": {
"to": "...@gmail.com",
"from": "kaae@localhost",
"subject": "KaaE Alarm",
"priority": "high",
"body": "Found Events"
}
}
}
}
}
And getting the error:
Oct 12 06:04:43 elasticsearch[3462]: [2016-10-12 06:04:43,179][DEBUG][action.admin.indices.mapping.put] [] failed to put mappings on indices [[watcher]], type [watch]
Oct 12 06:04:43 elasticsearch[3462]: MapperParsingException[Field name [fs.used_p] cannot contain '.']
But this query works in Sense, and I am stuck with it. Could you please tell me what I am doing wrong and how to achieve my goal?
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 21
Thanks @lmangani, you’re an awesome maintainer