Could not index event to elasticsearch not sure why

Elastic Stack Elasticsearch
1

[2018-06-21T10:54:08,459][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-06-21T10:54:08,507][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-06-21T10:54:08,577][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200/"]}
[2018-06-21T10:54:08,692][INFO ][logstash.inputs.http_poller] Registering http_poller Input {:type=>nil, :schedule=>{"cron"=>"*/2 * * * *"}, :timeout=>nil}
[2018-06-21T10:54:08,771][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>"main", :thread=>"#<Thread:0x71b35d93 run>"}
[2018-06-21T10:54:08,955][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
[2018-06-21T10:56:01,651][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"awscloudhealth", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x717005ba], :response=>{"index"=>{"_index"=>"awscloudhealth", "_type"=>"doc", "_id"=>"xODYImQBvS4rOSxdWow6", "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [dimensions.time.label] of different type, current_type , merged_type [text]"}}}}

CONFIG FILE

input {
http_poller {
urls => {
ch_costapi => {
method => "GET"
url => "xxxx"
headers => {
Accept => "application/json"
}
}
}
request_timeout => 30
schedule => { cron => "*/2 * * * *"}
codec => "json"
}
}
filter {
json_encode {
source => "message"
}
}
filter
{
mutate {
remove_field => [ "[time][label]" ]
}
}
output {
elasticsearch{
hosts => [
"http://localhost:9200/"
]
index => "awscloudhealth"
cacert => "xxxx"
}
stdout {
codec => rubydebug {
}
}
}

2

anyone please help

3

You probably have a better chance of getting help if you can show what the event looks like, e.g. by posting the output from the stdout plugin. Without that it is hard to tell.

4

I'm absolute beginner to this so I have no idea about that
but what I have figured out so far is that my date field is date datatype and i am passing the text datatype.

I tried to mutate the field like this but it doesn't work

filter {
mutate {
remove_field => [ "dimensions.time.label" ]
}
}

I think you must be referring about this

output {
elasticsearch{
hosts => [ "http://localhost:9200/"]
index => "awscloudhealth"
}
stdout {
codec => rubydebug {}
}
}

Please let me know

Thanks

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.