When defining a new monitor (under alerting) and selecting the type Per document monitor, the monitor saves with the error:
[alerting_exception] analyzer [analyzer_keyword] has not been configured in mappings
(See Screenshot 1 for further details)
Furthermore, when “testing” the query it times out (Screenshot 2)
Steps to reproduce the behavior
- Go to Alerting>Monitors>Create monitor
- Select
Per document monitor, select any index and choose a query - Go to Preview query and performance and wait…
- Try to save the monitor
host/environment?
- OS: Centos7
- Opensearch Version: 2.7.0
- Opensearch-Dashboards Version: 2.7.0
NOTE
We are ingesting the logs using graylog.
Configuration:
Index-Settings:
{
"rpz_0": {
"settings": {
"index": {
"number_of_shards": "4",
"provided_name": "rpz_0",
"creation_date": "1649938793819",
"analysis": {
"analyzer": {
"analyzer_keyword": {
"filter": "lowercase",
"tokenizer": "keyword"
}
}
},
"number_of_replicas": "0",
"uuid": "e8NRlQCHQfau984C3QGMPQ",
"version": {
"created": "7100299",
"upgraded": "136287827"
}
}
}
}
}
Index-Mapping:
{
"rpz_0": {
"mappings": {
"dynamic_templates": [
{
"internal_fields": {
"match": "gl2_*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"store_generic": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
],
"properties": {
"@metadata_beat": {
"type": "keyword"
},
"@metadata_type": {
"type": "keyword"
},
"@metadata_version": {
"type": "keyword"
},
"@timestamp": {
"type": "date"
},
"agent_ephemeral_id": {
"type": "keyword"
},
"agent_name": {
"type": "keyword"
},
"beats_type": {
"type": "keyword"
},
"client_id": {
"type": "keyword"
},
"event_action": {
"type": "keyword"
},
"full_message": {
"type": "text",
"analyzer": "standard"
},
"gl2_accounted_message_size": {
"type": "long"
},
"gl2_message_id": {
"type": "keyword"
},
"gl2_processing_error": {
"type": "keyword"
},
"gl2_processing_timestamp": {
"type": "date",
"format": "uuuu-MM-dd HH:mm:ss.SSS"
},
"gl2_receive_timestamp": {
"type": "date",
"format": "uuuu-MM-dd HH:mm:ss.SSS"
},
"gl2_remote_ip": {
"type": "keyword"
},
"gl2_remote_port": {
"type": "long"
},
"gl2_source_input": {
"type": "keyword"
},
"gl2_source_node": {
"type": "keyword"
},
"host_name": {
"type": "keyword"
},
"hostname": {
"type": "keyword"
},
"log_file_path": {
"type": "keyword"
},
"log_offset": {
"type": "long"
},
"loglevel": {
"type": "keyword"
},
"message": {
"type": "text",
"analyzer": "standard"
},
"query_action": {
"type": "keyword"
},
"query_class": {
"type": "keyword"
},
"query_name": {
"type": "keyword"
},
"query_type": {
"type": "keyword"
},
"rpz_category": {
"type": "keyword"
},
"rpz_message": {
"type": "keyword"
},
"rpz_zone": {
"type": "keyword"
},
"source": {
"type": "text",
"analyzer": "analyzer_keyword",
"fielddata": true
},
"source_ip": {
"type": "keyword"
},
"source_port": {
"type": "keyword"
},
"streams": {
"type": "keyword"
},
"timestamp": {
"type": "date",
"format": "uuuu-MM-dd HH:mm:ss.SSS"
},
"url_domain": {
"type": "keyword"
},
"url_short": {
"type": "keyword"
}
}
}
}
}
Screenshots
“new users can only put one embedded media item in a post.”
So, here we go with multiple screenshots in one media…
