[2019-09-22T09:37:34,941][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2019.09.22", :_type=>"doc", :routing=>nil}, #<LogStash::Event:0x4528d597>], :response=>{"index"=>{"_index"=>"logstash-2019.09.22", "_type"=>"doc", "_id"=>nil, "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"Failed to parse mapping [_default_]: [include_in_all] is not allowed for indices created on or after version 6.0.0 as [_all] is deprecated. As a replacement, you can use an [copy_to] on mapping fields to create your own catch all field.", "caused_by"=>{"type"=>"mapper_parsing_exception", "reason"=>"[include_in_all] is not allowed for indices created on or after version 6.0.0 as [_all] is deprecated. As a replacement, you can use an [copy_to] on mapping fields to create your own catch all field."}}}}}
I upgraded from 5.6.16 to 6.8.3 and now my Elastic won't index. I've read through several similar / identical topics, but no solution has worked. I do not have a clue about what to try to do to fix this. Please help.
Thank-you!
. I found in the Kibana 7.0 Upgrade Assistant a place to reindex, but it errors out due to not having a custom _all field.