brunotm / elasticsplunk

A Search command to explore Elasticsearch data within Splunk.
MIT License

Error searching in ES #6

Closed jpferrero closed 6 years ago

jpferrero commented 6 years ago

Hello!

I'm trying the splunk application and when I try to perform a search in elasticsearch I get an error. The query is:

|ess eaddr="http://localhost:9200" index=test-index-* query="test"

And in the splunkd.log:

############
11-28-2017 10:10:01.011 +0100 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" index=test-index- query="test"': 2017-11-28 10:10:01,010, Level=DEBUG, Pid=23565, Logger=splunklib, File=search_command.py, Line=572, ElasticSplunk.process started under protocol_version=1
11-28-2017 10:10:01.011 +0100 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" index=test-index- query="test"': 2017-11-28 10:10:01,011, Level=DEBUG, Pid=23565, Logger=splunklib, File=search_command.py, Line=579, Writing configuration settings
11-28-2017 10:10:01.012 +0100 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" index=test-index- query="test"': 2017-11-28 10:10:01,011, Level=DEBUG, Pid=23565, Logger=splunklib, File=search_command.py, Line=508, metadata={u'action': u'getinfo', u'searchinfo': {u'earliest_time': None, u'dispatch_dir': None, u'owner': None, u'args': ['/opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py', 'GETINFO', 'eaddr="http://localhost:9200"', 'index=test-index-', 'query="test"'], u'latest_time': None, u'splunk_version': u'7.0.0', u'sid': u'searchparsetmp_1116702311', u'username': None, u'search': u'|ess eaddr="http://localhost:9200" index=test-index- query="test"', u'app': None, u'session_key': None, u'splunkd_uri': None, u'raw_args': ['/opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py', 'GETINFO', 'eaddr="http://localhost:9200"', 'index=test-index-', 'query="test"']}, u'preview': True}, input_header={u'truncated': u'0', u'sid': u'searchparsetmp_1116702311', u'keywords': u'""', u'splunkVersion': u'7.0.0', u'preview': u'0', u'realtime': u'0', u'allowStream': u'1', u'search': u'|ess eaddr="http://localhost:9200" index=test-index- query="test"'}
############

I'm using Splunk 7 and ES 6.

Thanks in advance.

brunotm commented 6 years ago

@jpferrero could you try this same search quoting the index name and specifying the field holding the timestamp in your Elasticsearch index?

E.g.: |ess eaddr="http://localhost:9200" index="test-index-*" query="test" tsfield="@timestamp"

jpferrero commented 6 years ago

Hi!

Same error:

|ess eaddr="http://localhost:9200" index="test-index-*" query="test" tsfield="@timestamp"

11-29-2017 11:22:31.743 +0100 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk/bin/elasticsplunk.py GETINFO eaddr="http://localhost:9200" index="test-index-*" query="test" tsfield="@timestamp"': 2017-11-29 11:22:31,743, Level=DEBUG, Pid=31842, Logger=splunklib, File=search_command.py, Line=572, ElasticSplunk.process started under protocol_version=1

jpferrero commented 6 years ago

Hi! The problem was the version of python-elasticsearch included in the GitHub repo. I've just updated to the latest version and it works fine!

brunotm commented 6 years ago

Thanks @jpferrero! I will update the bundled lib. Which version of elasticsearch are you using?

jpferrero commented 6 years ago

ES 6.0, and last commit from https://github.com/elastic/elasticsearch-py