<img src="//i.stack.imgur.com/RUiNP.png" height="16" width="18" alt="" class="sponsor tag img">elasticsearch 弹性更新上的非法\u参数\u异常_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Kibana

elasticsearch 弹性更新上的非法\u参数\u异常

kibana

elasticsearch 弹性更新上的非法\u参数\u异常,elasticsearch,kibana,elasticsearch,Kibana,我正在尝试使用Kibana更新ElasticSearch中文档中字段的值。但是，我收到一条错误消息，这是我的查询： POST /index/vzxk7HQBdfw0RPwEar9k/_update { "doc" : { "tags" : "test tags" } } 弹性体返回的错误： "error" : { "root_cause" : [ {

我正在尝试使用Kibana更新ElasticSearch中文档中字段的值。但是，我收到一条错误消息，这是我的查询：

POST /index/vzxk7HQBdfw0RPwEar9k/_update
{
    "doc" : {
        "tags" : "test tags"
    }
}

弹性体返回的错误：

"error" : {
"root_cause" : [
  {
    "type" : "illegal_argument_exception",
    "reason" : "field [host] not present as part of path [host.name]"
  }
],
"type" : "illegal_argument_exception",
"reason" : "field [host] not present as part of path [host.name]"
},
"status" : 400

其中vzxk7HQBdfw0RPwEar9k是文档id。文件如下：

{
    "_index" : "index-2020.10.03-000001",
    "_type" : "_doc",
    "_id" : "vzxk7HQBdfw0RPwEar9k",
    "_score" : 1.0,
    "_source" : {
      "agent" : {
        "id" : "2",
        "type" : "soft",
        "version" : "1.0"
      },
      "@timestamp" : "2020-10-02T20:43:44.3670000+00:00",
      "ecs" : {
        "version" : "1.5.0"
      },
      "organization" : {
        "name" : "org",
        "id" : "1"
      },
      "host" : {
        "hostname" : "PSFT-WINPPMISQL",
        "name" : "PSFT-WINPPMISQL",
        "type" : "system"
      }
    }
  }

我不确定这是否与错误有关，但以下是我的浓缩策略：

{
    "policies" : [
    {
      "config" : {
        "match" : {
          "name" : "index",
          "indices" : [
            "index"
          ],
          "match_field" : "host.name",
          "enrich_fields" : [
            "tags",
            "labels"
          ]
        }
      }
    }
   ]
}

以及摄入管道：

{
    "index" : {
    "description" : "index",
    "processors" : [
      {
        "enrich" : {
          "field" : "host.name",
          "policy_name" : "index",
          "target_field" : "host.name"
        }
      }
   ]
  }
}

我还试图添加一个虚拟字段，但没有效果（我不确定这是否也相关）：

返回错误：

"error" : {
    "root_cause" : [
      {
        "type" : "mapper_parsing_exception",
        "reason" : "failed to parse field [host.name] of type [text] in document with id 'vzxk7HQBdfw0RPwEar9k'. Preview of field's value: '{host={name=PSFT-WINPPMISQL}}'"
      }
    ],
    "type" : "mapper_parsing_exception",
    "reason" : "failed to parse field [host.name] of type [text] in document with id 'vzxk7HQBdfw0RPwEar9k'. Preview of field's value: '{host={name=PSFT-WINPPMISQL}}'",
    "caused_by" : {
      "type" : "illegal_state_exception",
      "reason" : "Can't get text on a START_OBJECT at 1:243"
    }
  },

"error" : {
    "root_cause" : [
      {
        "type" : "mapper_parsing_exception",
        "reason" : "failed to parse field [host.name] of type [text] in document with id 'vzxk7HQBdfw0RPwEar9k'. Preview of field's value: '{host={name=PSFT-WINPPMISQL}}'"
      }
    ],
    "type" : "mapper_parsing_exception",
    "reason" : "failed to parse field [host.name] of type [text] in document with id 'vzxk7HQBdfw0RPwEar9k'. Preview of field's value: '{host={name=PSFT-WINPPMISQL}}'",
    "caused_by" : {
      "type" : "illegal_state_exception",
      "reason" : "Can't get text on a START_OBJECT at 1:243"
    }
  },