This is what I did to fix it on the logstash box[es]:
- In this file: ./vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.1.2-java/lib/logstash/outputs/elasticsearch/elasticsearch-template.json
remove this line:
"path": "full",
to leave it like:
"properties" : {
"@version": { "type": "string", "index": "not_analyzed" },
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"location" : { "type" : "geo_point" }
}
}
2.Added this to the ES output
output {
elasticsearch {
...
template_overwrite => true
...
}
}
Hope this helps anyone having this issue also.
Francisco