[SOLVED] No mapping found for [@timestamp] in order to sort logstash

No mapping found for [@timestamp] in order to sort logstash

I am getting this error "No mapping found for [@timestamp] in order to sort logstash"

My conf file

input { elasticsearch {
 
 hosts => ["localhost"]
 index => "employees_data"
 query => '{ "query": { "match_all": { } } }'
 scroll => "5m"
 docinfo => true}}filter {elasticsearch {
 hosts => ["localhost"]
 index => "transaction_data"
 query => "code:1"
 fields => { 
             "code"=>"Code"
             "payment" => "Payment"
             "moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}

Solution

This is because of the sort parameter of the elasticsearch filter plugin. If unspecified, it defaults to @timestamp:desc and you probably don't have that field.

Just make the following change and you should be good to go:

filter {
    elasticsearch {
        hosts => ["localhost"]
        index => "transaction_data"
        query => "code:1"
        sort => "code:asc"                   <--- add this line
        fields => {
            "code"=>"Code"
            "payment" => "Payment"
            "moth"=>"Month"
        }
    }
}