Cannot index event publisher.Event ... Root mapping definition has unsupported parameters: [_all : {norms=false}]"}}

Hi,

I try to use packetbeat, but receive the following error and no indices are created. What is the problem there?

2019-07-17T10:27:51.246+0200 WARN elasticsearch/client.go:527 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbf43d4e182e68b7b, ext:10354643272, loc:(*time.Location)(0x2886540)}, Meta:common.MapStr(nil), Fields:common.MapStr{"agent":common.MapStr{"ephemeral_id":"af96deb6-a59b-43bc-bbab-c9d7b4f2c961", "hostname":"q4deumsy0w2", "id":"5f92980f-152c-4e33-86b6-6e5fff1dfd22", "type":"packetbeat", "version":"7.2.0"}, "destination":common.MapStr{"ip":"192.168.123.255", "port":0x89}, "ecs":common.MapStr{"version":"1.0.0"}, "event":common.MapStr{"action":"network_flow", "category":"network_traffic", "dataset":"flow", "duration":762126511, "end":common.Time{wall:0x1a240650, ext:63698948869, loc:(*time.Location)(nil)}, "kind":"event", "start":common.Time{wall:0x2851af9e, ext:63698948868, loc:(*time.Location)(nil)}}, "flow":common.MapStr{"final":false, "id":"EAL/////AP////8I//8AAAHAqHoKwKh7/4kAiQA"}, "host":common.MapStr{"architecture":"x86_64", "containerized":false, "hostname":"q4deumsy0w2", "id":"3499004948574b048702e521999c7fde", "name":"q4deumsy0w2", "os":common.MapStr{"codename":"Core", "family":"redhat", "kernel":"3.10.0-957.21.2.el7.x86_64", "name":"CentOS Linux", "platform":"centos", "version":"7 (Core)"}}, "network":common.MapStr{"bytes":0x3ac, "community_id":"1:UqHmJmaPmO6eLMmnnuoo97NzW+I=", "packets":0xa, "transport":"udp", "type":"ipv4"}, "source":common.MapStr{"bytes":0x3ac, "ip":"192.168.122.10", "packets":0xa, "port":0x89}, "type":"flow"}, Private:interface {}(nil), TimeSeries:false}, Flags:0x0} (status=400): {"type":"mapper_parsing_exception","reason":"Failed to parse mapping [default]: Root mapping definition has unsupported parameters: [_all : {norms=false}]","caused_by":{"type":"mapper_parsing_exception","reason":"Root mapping definition has unsupported parameters: [_all : {norms=false}]"}}

Best regards,
Robert

This happens even with a freshly installed packetbeat without any changes to the configuration.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.