brunotm / elasticsplunk

A Search command to explore Elasticsearch data within Splunk.
MIT License
40 stars, 25 forks

Unable to run queries #14

Open ananer opened 6 years ago

ananer commented 6 years ago

I am able to run the following and get results returned:

| ess eaddr="http://localhost:9200" action="cluster-health" | ess eaddr="http://localhost:9200" action="indices-list"

But, when I run something like the below I get no errors and no results returned. When I try the same query from within Kibana I get results returned.

| ess eaddr="http://localhost:9200" tsfield=@timestamp index="logs*" query="directionName:Local" limit="50"

Are there expected versions for compatibility? Currently the Lucene version is 6.6.0. Any guidance is appreciated.

ananer commented 6 years ago

I stepped away from working on this for a while after early failures but I'm back at it again. I have the most recent pull but I still get the same results. Here's the output from _internal:

09-18-2018 11:05:48.633 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,633, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=624, ElasticSplunk.process finished under protocol_version=1
09-18-2018 11:05:48.633 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,632, Level=DEBUG, Pid=5187, Logger=splunklib, File=internals.py, Line=155, ElasticSplunk: elasticsplunk eaddr="http://localhost:9200" index="logs-2018-09-18" limit="50" query="directionName:Local" tsfield="@timestamp"
09-18-2018 11:05:48.632 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,632, Level=DEBUG, Pid=5187, Logger=splunklib, File=internals.py, Line=119, Parsing ElasticSplunk command line: ['eaddr="http://localhost:9200"', 'tsfield="@timestamp"', 'index="logs-2018-09-18"', 'query="directionName:Local"', 'limit="50"']
09-18-2018 11:05:48.632 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,632, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=515, tempfile.tempdir=None
09-18-2018 11:05:48.632 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,632, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=508, metadata={u'preview': True, u'action': u'getinfo', u'searchinfo': {u'splunkd_uri': None, u'splunk_version': u'7.1.2', u'username': None, u'session_key': None, u'search': u'|ess eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"', u'args': ['/opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py', 'GETINFO', 'eaddr="http://localhost:9200"', 'tsfield="@timestamp"', 'index="logs-2018-09-18"', 'query="directionName:Local"', 'limit="50"'], u'raw_args': ['/opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py', 'GETINFO', 'eaddr="http://localhost:9200"', 'tsfield="@timestamp"', 'index="logs-2018-09-18"', 'query="directionName:Local"', 'limit="50"'], u'sid': u'searchparsetmp_594305419', u'latest_time': None, u'owner': None, u'app': None, u'earliest_time': None, u'dispatch_dir': None}}, input_header={u'keywords': u'""', u'realtime': u'0', u'search': u'|ess eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"', u'preview': u'0', u'sid': u'searchparsetmp_594305419', u'splunkVersion': u'7.1.2', u'allowStream': u'1', u'truncated': u'0'}
09-18-2018 11:05:48.632 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,631, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=579, Writing configuration settings
09-18-2018 11:05:48.631 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,631, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=572, ElasticSplunk.process started under protocol_version=1
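The _internal output above is hard to read as pasted: every line is logged by ScriptRunner at ERROR level regardless of what the script wrote, the entries are listed newest first, and all of them come from the GETINFO invocation. When a search command returns nothing and raises no error, the first thing to establish is whether the execute phase ran at all and whether any Traceback was swallowed into these ERROR wrappers. The following script is an added example, not part of the elasticsplunk project or of this thread's author's code: it parses ScriptRunner entries, restores their chronological order, and reports which command phases and which real (non-DEBUG) messages appear. The entry layout in the regex is taken from the lines pasted above; the name EXECUTE for the second phase is an assumption, and the sample input is four of the pasted entries copied verbatim.

```python
"""Reconstruct a custom search command's run from Splunk _internal
ScriptRunner entries and report which protocol phases actually ran."""
import re
from datetime import datetime

# Sample input: four of the _internal entries pasted in this thread, copied
# verbatim in the order Splunk lists them (newest first); the long metadata
# entry is left out for brevity.
SAMPLE_LINES = [
    """09-18-2018 11:05:48.633 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,633, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=624, ElasticSplunk.process finished under protocol_version=1""",
    """09-18-2018 11:05:48.632 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,632, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=515, tempfile.tempdir=None""",
    """09-18-2018 11:05:48.632 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,631, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=579, Writing configuration settings""",
    """09-18-2018 11:05:48.631 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" tsfield="@timestamp" index="logs-2018-09-18" query="directionName:Local" limit="50"': 2018-09-18 11:05:48,631, Level=DEBUG, Pid=5187, Logger=splunklib, File=search_command.py, Line=572, ElasticSplunk.process started under protocol_version=1""",
]

# ScriptRunner wraps each stderr line the script wrote: outer Splunk timestamp
# and level, the exact command line it ran, then the script's own log record.
ENTRY_RE = re.compile(
    r"^(?P<outer_ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<tz>[+-]\d{4}) "
    r"(?P<outer_level>\w+) ScriptRunner - stderr from '(?P<cmd>[^']*)': "
    r"(?P<inner_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}), Level=(?P<inner_level>\w+), "
    r"Pid=(?P<pid>\d+), Logger=(?P<logger>\w+), File=(?P<file>[^,]+), Line=(?P<line>\d+), "
    r"(?P<msg>.*)$"
)
# Phase token that follows the script path in argv. GETINFO is what the pasted
# lines show; EXECUTE as the name of the second phase is an assumption here.
PHASE_RE = re.compile(r"^_*(GETINFO|EXECUTE)_*$", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for one ScriptRunner entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["inner_dt"] = datetime.strptime(entry["inner_ts"], "%Y-%m-%d %H:%M:%S,%f")
    entry["line"] = int(entry["line"])
    entry["pid"] = int(entry["pid"])
    phases = [PHASE_RE.match(tok) for tok in entry["cmd"].split()]
    entry["phase"] = next((p.group(1).upper() for p in phases if p), "UNKNOWN")
    return entry


def summarize(lines):
    """Order the entries chronologically and report phases, PIDs and real errors."""
    entries = [e for e in map(parse_entry, lines) if e is not None]
    # Splunk lists newest first; reverse before the stable sort so entries that
    # share a millisecond keep their true order.
    entries.reverse()
    entries.sort(key=lambda e: e["inner_dt"])
    phases = sorted({e["phase"] for e in entries})
    # The outer level is ERROR for every line because ScriptRunner logs all
    # stderr that way; the script's own Level= field separates DEBUG chatter
    # from genuine failures, as does a Traceback in the message body.
    errors = [
        e["msg"] for e in entries
        if e["inner_level"] not in ("DEBUG", "INFO") or "Traceback" in e["msg"]
    ]
    return {
        "entries": len(entries),
        "pids": sorted({e["pid"] for e in entries}),
        "phases": phases,
        "execute_seen": "EXECUTE" in phases,
        "errors": errors,
        "timeline": [(e["phase"], e["file"], e["line"], e["msg"]) for e in entries],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LINES)
    for phase, file, line, msg in report["timeline"]:
        print(f"{phase:8} {file}:{line:<4} {msg}")
    print("phases seen:", report["phases"], "| EXECUTE seen:", report["execute_seen"],
          "| real errors:", len(report["errors"]))
```

Run against the pasted entries, the report shows a single PID, only the GETINFO phase, and no message above DEBUG, which is consistent with the command being parsed and its configuration written but with no evidence of the query phase in what was pasted. Feeding it the full _internal output for the search's sid (the script only needs the raw event text) tells you whether an execute invocation and any Traceback are present before anything about Elasticsearch versions is considered.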

p0m1d0rka commented 5 years ago

@ananer Hello, have you solved this issue? I have the same problems.