I ran into a strange error when trying to bulk-export some data into an index in Elasticsearch. The template is defined correctly.
When I POST the same sample, it works:
POST /netflow-2016-03-08/socket
{
"tcp_flags": "16",
"peer_ip_src": "62.193.32.252",
"ip_dst": "86.205.12.8",
"@timestamp": "2016-03-08T09:31:01Z",
"peer_as_dst": 3215,
"port_dst": 49326,
"tag": 100,
"iface_out": 33,
"peer_as_src": 0,
"ip_src": "95.141.99.171",
"sampling_rate": 1,
"peer_ip_dst": "37.77.34.54",
"flows": 1,
"as_path": "3215",
"bytes": 400000,
"class": "unknown",
"as_dst": 3215,
"packets": 10000,
"iface_in": 136,
"port_src": 62804,
"ip_proto": "tcp",
"as_src": 0
}
But when my script pushes the same data from an external server on the same network, the log gives me:
[2016-03-08 09:31:02,139][DEBUG][action.bulk ] [node-1] [netflow-2016-03-08][1] failed to execute bulk item (index) index {[netflow-2016-03-08][Netflowa][AVNVkLtQpXYe6mbeh_Kb], source[{"tcp_flags": "16", "peer_ip_src": "62.193.32.252", "ip_dst": "86.205.12.8", "@timestamp": "2016-03-08T09:31:01Z", "peer_as_dst": 3215, "port_dst": 49326, "tag": 100, "iface_out": 33, "peer_as_src": 0, "ip_src": "95.141.99.171", "sampling_rate": 1, "peer_ip_dst": "37.77.34.54", "flows": 1, "as_path": "3215", "bytes": 400000, "class": "unknown", "as_dst": 3215, "packets": 10000, "iface_in": 136, "port_src": 62804, "ip_proto": "tcp", "as_src": 0}]}
MapperParsingException[failed to parse [peer_ip_src]]; nested: NumberFormatException[For input string: "62.193.32.252"];
at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:343)
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:318)
at org.elasticsearch.index.mapper.DocumentParser.parseAndMergeUpdate(DocumentParser.java:765)
at org.elasticsearch.index.mapper.DocumentParser.parseDynamicValue(DocumentParser.java:652)
at org.elasticsearch.index.mapper.DocumentParser.parseValue(DocumentParser.java:451)
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:271)
at org.elasticsearch.index.mapper.DocumentParser.innerParseDocument(DocumentParser.java:131)
at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:79)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:304)
at org.elasticsearch.index.shard.IndexShard.prepareCreate(IndexShard.java:500)
at org.elasticsearch.index.shard.IndexShard.prepareCreateOnPrimary(IndexShard.java:481)
at org.elasticsearch.action.index.TransportIndexAction.prepareIndexOperationOnPrimary(TransportIndexAction.java:214)
at org.elasticsearch.action.index.TransportIndexAction.executeIndexRequestOnPrimary(TransportIndexAction.java:223)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardIndexOperation(TransportShardBulkAction.java:326)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:119)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:68)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryPhase.doRun(TransportReplicationAction.java:595)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:263)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:260)
at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:350)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NumberFormatException: For input string: "62.193.32.252"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:589)
at java.lang.Long.parseLong(Long.java:631)
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.longValue(AbstractXContentParser.java:145)
at org.elasticsearch.index.mapper.core.LongFieldMapper.innerParseCreateField(LongFieldMapper.java:275)
at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:241)
at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:335)
... 24 more
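As I said, I am on a secure test network; is there some security measure that prevents me from bulk-exporting the data? I don't know what is happening.
Thanks for your help :)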