Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terms aggregations parse failure for date and ip fields #17705

Closed
markharwood opened this issue Apr 13, 2016 · 4 comments
Closed

Terms aggregations parse failure for date and ip fields #17705

markharwood opened this issue Apr 13, 2016 · 4 comments
Assignees
@markharwood
Labels
:Analytics/Aggregations Aggregations >bug

Comments

@markharwood
Copy link
Contributor

The include clause on the terms and significant_terms aggregations has a parse failure for string values provided for date and ip field types.
Steps to reproduce:

PUT test
{
   "settings": {
      "number_of_replicas": 0,
      "number_of_shards":1
   },
   "mappings": {
      "test": {

         "properties": {
            "stringField": {
               "type": "string"
            },
            "dateTimeField": {
               "type": "date",
                "format": "date_time"
            },
            "ipField": {
               "type": "ip"
            }
         }
      }
   }
}

POST test/test
{"stringField":"bar","ipField":"192.168.1.0", "dateTimeField":"2016-04-11T14:02:39.593Z"}

GET test/_search
{
    "size":0,
   "aggs": {
      "this_works": {
         "terms": {
            "field": "stringField",
            "include":["bar"]            
         }
      }
   }
}
GET test/_search
{
    "size":0,
   "aggs": {
      "this_does_not_work": {
         "terms": {
            "field": "ipField",
            "include":["192.168.1.0"]

         }
      }
   }
}
GET test/_search
{
    "size":0,
   "aggs": {
      "this_does_not_work": {
         "terms": {
            "field": "dateTimeField",
            "include":["2016-04-11T14:02:39.593Z"]

         }
      }
   }
}

The error returned is of the following type

{
   "error": {
      "root_cause": [
         {
            "type": "number_format_exception",
            "reason": "For input string: \"2016-04-11T14:02:39.593Z\""
         }
      ],
      "type": "search_phase_execution_exception",
      "reason": "all shards failed",
      "phase": "query_fetch",
      "grouped": true,
      "failed_shards": [
         {
            "shard": 0,
            "index": "test",
            "node": "Qz_UtnGzTOeYEDLeOgTQLw",
            "reason": {
               "type": "number_format_exception",
               "reason": "For input string: \"2016-04-11T14:02:39.593Z\""
            }
         }
      ]
   },
   "status": 400
}
@markharwood markharwood self-assigned this Apr 13, 2016
@skearns64 skearns64 mentioned this issue Apr 14, 2016
Closed
@ycombinator ycombinator mentioned this issue Apr 14, 2016
Closed
@markharwood
Copy link
Contributor Author

As part of fixing this I've also discovered that the formatting of IP bucket keys for terms agg has changed in master. Previously we had a key value that was a long and a formatted 'key_as_string' - now we just have a single key value with an ugly encoding as can be seen in this screenshot:
sense - a json aware interface to elasticsearch
This is a side-effect of switching over to byte representations for IPV6 I expect and consequently the shift to StringTerms for the buckets.
I'm not sure how much of a problem the ugly key is is but I will add back a friendlier "key_as_string" addition for readable IP addresses.

@clintongormley
Copy link

@jpountz only ip address fields still return key_as_string but this seems to be missing for point fields.

This was referenced Apr 26, 2016
Closed
Merged
@jpountz
Copy link
Contributor

jpountz commented Apr 27, 2016

@clintongormley @markharwood I opened #18003.

@markharwood
Copy link
Contributor Author

I started this work on formatting include/exclude agg criteria appropriately but it's in the same areas Adrien is currently fixing with formatting agg results appropriately in #18003

So blocked on 18003 for now.

@markharwood markharwood mentioned this issue May 17, 2016
Closed
markharwood added a commit to markharwood/elasticsearch that referenced this issue May 17, 2016
@markharwood
Aggregations fix: support include/exclude strings formatted for IP an…
babbda5 
…d date fields in terms and significant_terms aggregations.

Closes elastic#17705
@benwtrent benwtrent mentioned this issue Jan 3, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@markharwood markharwood

Labels
:Analytics/Aggregations Aggregations >bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@clintongormley @markharwood @jpountz