Hi,
Just upgraded to Elasticsearch and Logstash 6.2.0, everything was going well however logstash now can't put data in to elasticsearch. We are using this for IDS traffic the error we are getting is:
[2018-02-14T14:11:35,508][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2018.02.14", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x7b67818b], :response=>{"index"=>{"_index"=>"logstash-2018.02.14", "_type"=>"doc", "_id"=>nil, "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"Failed to parse mapping [default]: No handler for type [string] declared on field [@version]", "caused_by"=>{"type"=>"mapper_parsing_exception", "reason"=>"No handler for type [string] declared on field [@version]"}}}}}
I am guessing we need to change @version to be text, I suspect its using the logstash default template but I'll be damned if I can find it.
Any help greatly appreciated.
Thanks
Pete.