Field [@timestamp] of type [keyword] does not support custom formats

问题描述

执行es的聚合histogram 或者date_histogram 返回错误。

传入报文:

{
  "size":0,
  "aggs":{
    "calltime":{
      "date_histogram":{
        "field":"@timestamp",
        "interval":"minute",
        "format" : "yyyy-MM-dd'T'HH:mm:ss"
      }
    }
  }
}

返回报错:

{
   "error":    {
      "root_cause": [      {
         "type": "illegal_argument_exception",
         "reason": "Field [@timestamp] of type [keyword] does not support custom formats"
      }],
      "type": "search_phase_execution_exception",
      "reason": "all shards failed",
      "phase": "query",
      "grouped": true,
      "failed_shards": [      {
         "shard": 0,
         "index": "esb-srvlog-2019-07-21",
         "node": "nruodlnbT8u0tJKTzRs9Eg",
         "reason":          {
            "type": "illegal_argument_exception",
            "reason": "Field [@timestamp] of type [keyword] does not support custom formats"
         }
      }]
   },
   "status": 400
}

原因分析

先通过mapping看看索引的mapping:
Field [@timestamp] of type [keyword] does not support custom formats
发现@timestamp这个字段是被设置成了 keyword类型。所以es将该字段只是视为关键字的字符串,而不是日期的类型。故也就无法对该字段进行日期的统计。

解决方法

出现类似上面的这种问题,只有重新设置索引类型,将该字段改成所期望的类型,这里应该是。通过PUT方法。如:
Field [@timestamp] of type [keyword] does not support custom formats

需要注意的是,重新设置索引后只能对后面插入的文档有效,之前的文档类型不会被改变。

上一篇:Certificate Formats | Converting Certificates between different Formats


下一篇:微信商户平台绑定超级管理员