Hello everybody!
I get the following error when I try to send syslog data to an Elasticsearch index:
[logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"arcsight-2020.06.11", :_type=>"syslog", :_routing=>nil}, #LogStash::Event:0x262ee34b], :response=>{"index"=>{"_index"=>"arcsight-2020.06.11", "_type"=>"syslog", "_id"=>"uv2dnWEBlrOJlly6qpiU", "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"Rejecting mapping update to [arcsight-2020.06.11] as the final mapping would have more than 1 type: [_doc,syslog]
I also want to mention that I get the following warning:
[WARN ][logstash.outputs.elasticsearch] You are using a deprecated config setting "document_type" set in elasticsearch. Deprecated settings will continue to work, but are scheduled for removal from logstash in the future. Document types are being deprecated in Elasticsearch 6.0, and removed entirely in 7.0.
I don't know if this is the cause of the first error, but I guess that these two things are related. I use ELK 7.6.2.
If somebody has any ideas, please help me to solve this problem! Thanks in advance!