您好,当我尝试将值添加到elasticseach中的现有数组字段时,我收到此错误,并且我的logstash输出配置为:
elasticsearch {
document_id => 1
action => "update"
hosts => ["X.X.X.X:9200"]
index => "test"
script_lang => "painless"
script_type => "inline"
script => 'ctx._source.arrat.add(event("[file][fuid]"))'
}
我得到的错误是
错误" => {"输入" =>" illegal_argument_exception","原因" =>"未能执行脚本& #34;," caused_by" => {"输入" =>" script_exception","原因" =>&#34 ;编译错误"," script_stack" => [" ctx._source.arrat.add(事件(\" [file] [fuid] \") )"," ^ ----这里"],"脚本" =>" ctx._source.arrat.add(事件(\" [file] [fuid] \&# 34;))"," lang" =>"无痛"," caused_by" => {"类型" = >" illegal_argument_exception"," reason" =>"未知使用[1]参数调用[event]。"}}}}}}。
以下是logstash配置
input {
beats {
port => "12109"
}
}
filter {
mutate {
id => "brolog-files-rename-raw-fields"
rename => { "[ts]" => "[file][ts]"
"[fuid]" => "[file][fuid]"
"[tx_hosts]" => "[file][tx_hosts]"
"[rx_hosts]" => "[file][rx_hosts]"
"[conn_uids]" => "[file][conn_uids]"
"[source]" => "[file][source]"
"[depth]" => "[file][depth]"
"[analyzers]" => "[file][analyzers]"
"[mime_type]" => "[file][mime_type]"
"[duration]" => "[file][duration]"
"[is_orig]" => "[file][is_orig]"
"[seen_bytes]" => "[file][seen_bytes]"
"[missing_bytes]" => "[file][missing_bytes]"
"[overflow_bytes]" => "[file][overflow_bytes]"
"[timedout]" => "[file][timedout]"
"[md5]" => "[file][md5]"
"[sha1]" => "[file][sha1]"
}
}
}
output{
stdout { codec => rubydebug}
elasticsearch {
document_id => 1
action => "update"
doc_as_upsert => "true"
hosts => ["X.X.X.X:9200"]
index => "test"
script_lang => "painless"
script_type => "inline"
script => 'ctx._source.arrat.add(event.[file][fuid])'
}
}
我以json格式获取数据。