Details
-
Bug
-
Status: Done
-
Major
-
Resolution: Done
-
None
-
None
Description
Steps to Replicate:
1. Create a meta-alert.
2. Escalate the meta-alert.
3. Submit another search that filters the results to only show meta-alerts.
4. Sort the results by “alert_status” field.
5. The search will not return any meta-alerts in the results.
6. The REST log will contain the exception shown above.
18/11/12 22:25:50 ERROR dao.ElasticsearchRequestSubmitter: Shard search failure [1/1]; reason=ElasticsearchException: Elasticsearch exception [type=illegal_argument_exception, reason=Fielddata is disabled on text fields by default. Set fielddata=true on [alert_status] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.], index=metaalert_index, shard=0, status=INTERNAL_SERVER_ERROR, nodeId=uuG7-lZoSiaowJK_cUD4IQ ElasticsearchException[Elasticsearch exception [type=illegal_argument_exception, reason=Fielddata is disabled on text fields by default. Set fielddata=true on [alert_status] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.]] at org.elasticsearch.ElasticsearchException.innerFromXContent(ElasticsearchException.java:490) at org.elasticsearch.ElasticsearchException.fromXContent(ElasticsearchException.java:406) at org.elasticsearch.action.search.ShardSearchFailure.fromXContent(ShardSearchFailure.java:205) at org.elasticsearch.action.search.SearchResponse.fromXContent(SearchResponse.java:297) at org.elasticsearch.client.RestHighLevelClient.parseEntity(RestHighLevelClient.java:526) at org.elasticsearch.client.RestHighLevelClient.lambda$performRequestAndParseEntity$2(RestHighLevelClient.java:382) at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:413) at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:382) at org.elasticsearch.client.RestHighLevelClient.search(RestHighLevelClient.java:323) at org.apache.metron.elasticsearch.dao.ElasticsearchRequestSubmitter.submitSearch(ElasticsearchRequestSubmitter.java:62) at org.apache.metron.elasticsearch.dao.ElasticsearchSearchDao.search(ElasticsearchSearchDao.java:128) at org.apache.metron.elasticsearch.dao.ElasticsearchDao.search(ElasticsearchDao.java:191) at org.apache.metron.elasticsearch.dao.ElasticsearchMetaAlertSearchDao.search(ElasticsearchMetaAlertSearchDao.java:81) at org.apache.metron.elasticsearch.dao.ElasticsearchMetaAlertDao.search(ElasticsearchMetaAlertDao.java:209) at org.apache.metron.rest.service.impl.SearchServiceImpl.search(SearchServiceImpl.java:92) at org.apache.metron.rest.controller.SearchController.search(SearchController.java:54)
Attachments
Attachments
Issue Links
- links to
