Hi,
I just upgraded a 1.7.1 instance of elasticsearch+logstash, and after upgrading and bringing up the services I'm getting this output from the elasticsearch log:
2015-10-30 18:34:14,041][DEBUG][action.admin.indices.create] [Charcoal] [logstash-2015.10.31] failed to create
MapperParsingException[mapping [default]]; nested: MapperParsingException[Mapping definition for [geoip] has unsupported parameters: [path : full]];
at org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$2.execute(MetaDataCreateIndexService.java:359)
at org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:388)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:225)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:188)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Is this a known issue for 2.0 ?
Is there any workaround for it ?
Hi!
I have the same issue; it's really frustrating!
Since my migration to the 2.0.0 my ELK stack isn't writing any indexes anymore.
On the one hand there's not really some kind of migration guide and on the other hand it seems that my ELK stack is falling apart.
Thank you very much for the soluton. It really helped.
Just to understand...
Could you explain the "2" point?
What "template_overwrite => true" do ?
In my case (Ubuntu 14.04, ES installed three days ago from ES ubuntu repo) the elasticsearch-template.json has been already corrected. But without "template_overwrite => true" it still didn't work.
FIrst, I want to thank you all for raising this! You caught something the logstash testing framework didn't catch regarding upgrades. This is an artifact of this issue, which was changed in 2.0. The logstash folks are going to update the upgrade documentation to reflect this manual step that may need to be done and look into updates to the testing framework to cover things like this in the future. And credit to @flopez for pointing everybody in the correct direction.
Users may have custom template changes, so by default a Logstash upgrade will leave the template as is. Even if you don’t have a custom template, Logstash will not overwrite an existing template by default. We removed GeoIP mapping issue in 1.5, but folks who have migrated from 1.4 and before would still have this issue and advised to overwrite their templates. Please be sure to save your existing template if you have custom changes.
Thanks ..... template_overwrite => "true" fixed my problem. After a 2.1 upgrade I was getting no indices. Adding that flag to my elasticsearch {template_overwrite => "true"} logstash->output settings fixed my problem.
Yep,I want to report a issue about packetbeat-1.2.3 and elasticsearch-2.3.3, there is a similar problem about [packetbeat-2016.06.23] failed to create.
But,in the packetbeat.yml ,I have done just what you have said .like this template_overwrite=”true"
Thanks .
# /opt/logstash/bin/logstash version logstash 2.4.0
Also, when cross-checked the file, /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.7.1-java/lib/logstash/outputs/elasticsearch/elasticsearch-template.json, the geo-ip section is as below which is intact with no mention of "path":"full" as per the above discussions.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.