Not able to sort a query result by a given field

scampuza · August 16, 2017, 4:20pm

Hi !!

I performed an upgrade from GL 2.2 to 2.3 just this week. The upgrade itself was kind of smooth. I upgraded ES from 2.4 to 5.5.

What is not working right now is if I try to sort a query result in GL, given a specific field, in this case, server_response_time, I got the following error on GL GUI:

Could not execute search
There was an error executing your search. Please check your Graylog server logs for more information.

Error Message:
Unable to perform search query.
Details:
Search status code:
500
Search response:
cannot GET http://10.10.0.123:12900/api/search/universal/absolute?query=server_response_time%3A>45000&from=2017-08-16T14%3A13%3A54.000Z&to=2017-08-16T14%3A31%3A57.000Z&limit=150&sort=server_response_time%3Adesc (500)

And this is the error in ES:

ES LOG

org.elasticsearch.transport.RemoteTransportException: [3AhCLKK][10.10.0.121:9300][indices:data/read/search[phase/query]]
Caused by: org.elasticsearch.index.query.QueryShardException: No mapping found for [server_response_time] in order to sort on
at org.elasticsearch.search.sort.FieldSortBuilder.build(FieldSortBuilder.java:262) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.search.sort.SortBuilder.buildSort(SortBuilder.java:156) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:630) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.search.SearchService.createContext(SearchService.java:481) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:457) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:253) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.action.search.SearchTransportService$6.messageReceived(SearchTransportService.java:330) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.action.search.SearchTransportService$6.messageReceived(SearchTransportService.java:327) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.transport.TcpTransport$RequestHandler.doRun(TcpTransport.java:1544) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:638) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-5.5.1.jar:5.5.1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[?:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[?:1.8.0_121]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]

What could be happening ??

How can I fix the mapping ?

scampuza · August 16, 2017, 4:28pm

This is the query being executed at ES:

[SearchRequest{searchType=QUERY_THEN_FETCH, indices=[surplus_260, surplus_263, surplus_264, surplus_261, surplus_262, surplus_223, surplus_267, surplus_224, surplus_268, surplus_265, surplus_266, surplus_258, surplus_259, publicpurchase__359, doclibrary__351, surplus_270, surplus_271, surplus_230, surplus_274, surplus_231, surplus_275, surplus_272, surplus_273, surplus_234, surplus_278, surplus_235, surplus_279, surplus_312, graylog_116, surplus_232, surplus_276, surplus_233, surplus_277, surplus_310, surplus_227, surplus_228, surplus_225, surplus_269, surplus_226, surplus_229, fail2ban__360, surplus_281, surplus_282, surplus_280, surplus_241, surplus_242, surplus_240, surplus_245, surplus_246, surplus_243, surplus_244, surplus_238, surplus_239, surplus_236, surplus_237, fail2ban__353, publicsurplus__375, surplus_252, surplus_253, surplus_250, surplus_251, surplus_256, surplus_257, surplus_254, surplus_255, surplus_249, surplus_247, surplus_248], indicesOptions=IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true], types=[message], routing=‘null’, preference=‘null’, requestCache=null, scroll=null, source={
“from” : 0,
“size” : 150,
“query” : {
“bool” : {
“must” : [
{
“match_all” : {
“boost” : 1.0
}
}
],
“filter” : [
{
“bool” : {
“must” : [
{
“range” : {
“timestamp” : {
“from” : “2017-08-16 16:10:59.173”,
“to” : “2017-08-16 16:25:59.173”,
“include_lower” : true,
“include_upper” : true,
“boost” : 1.0
}
}
}
],
“disable_coord” : false,
“adjust_pure_negative” : true,
“boost” : 1.0
}
}
],
“disable_coord” : false,
“adjust_pure_negative” : true,
“boost” : 1.0
}
},
“sort” : [
{
“server_response_time” : {
“order” : “asc”
}
}
]
}}] lastShard [true]

system · August 30, 2017, 4:28pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sorting on custom date field, error 500 Graylog Central (peer support)	2	1022	October 8, 2018
Graylog 2.3.1 not able to sort query by numeric field. 500 error Graylog Central (peer support)	1	1071	November 14, 2017
No mapping found Graylog Central (peer support)	4	2189	June 27, 2018
Elasticsearch cannot parse timestamp Graylog Central (peer support)	2	2298	May 14, 2018
ES fielddata java exception has broken graylog Graylog Central (peer support)	8	999	May 14, 2019

Not able to sort a query result by a given field

Related Topics