Boolean Mapping Issue

Elastic Stack Logstash
1

Hi

My problem is we have a template defined with fields set to boolean, logstash has received numeric values for these feilds this morning ( from an old application build) and the index mapping has been set to Long ignoring the template mapping, can anyone explain why that happened? Now when we are receiving the expected values of "true" and "false" from the new build these are being rejected with

'[2017-02-17T09:09:10,542][WARN ][logstash.outputs.elasticsearch] Failed action. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"internal-2017.02.17", :_type=>"logs", :_routing=>nil}, 2017-02-17T09:08:41.388Z %{host} %{message}], :response=>{"index"=>{"_index"=>"internal-2017.02.17", "_type"=>"logs", "_id"=>"AVpLVREH9sBJhQOQebEB", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [IsPlayer]", "caused_by"=>{"type"=>"i_o_exception", "reason"=>"Current token (VALUE_TRUE) not numeric, can not use numeric value accessors

Here is logstash filter

        elasticsearch {
            manage_template => false
            template_name => "internal-*"
            template_overwrite => true
            hosts => localhost
            index => "internal-%{+YYYY.MM.dd}"
    }

Here is the template
{
"internal-": {
"order": 0,
"template": "internal-",
"settings": {
"index": {
"number_of_replicas": "0",
"mapping": {
"ignore_malformed": "true"
},
"refresh_interval": "30s"
}
},
"mappings": {
"logs": {
"dynamic_templates": [
{
"strings": {
"mapping": {
"type": "keyword"
},
"match_mapping_type": "string"
}
},
{
"norms": {
"mapping": {
"norms": {
"enabled": false
}
},
"match_mapping_type": "*"
}
}
],
"properties": {
"EnemyIsPlayer": {
"type": "boolean"
},
"IsPlayer": {
"type": "boolean"
}
}
}
},
"aliases": {}
}
}

Here is the resultant mapping.
{
"internal-2017.02.17": {
"mappings": {
"logs": {
"dynamic_templates": [
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"norms": {
"match_mapping_type": "*",
"mapping": {
"norms": {
"enabled": false
}
}
}
}
],
"properties": {
"EnemyIsPlayer": {
"type": "long"
},
"IsPlayer": {
"type": "long"
}
}
}
}
}
}

The stack is all 5.1.1 logstash and elasticsearch

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.