Elasticsearch stops indexing logs after upgrading from 5.2.4 to 6.x

We upgraded our ELK stack from 5.2.4 to 6. We had installed X-Pack and rebuilt the indices before the upgrade.

After restarting the new log entries after upgrade are not showing up in Kibana. We see several entries like the following in the Logstash log.

`

[2018-05-08T19:43:00,259][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2018.05.09", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x3c845dba], :response=>{"index"=>{"_index"=>"logstash-2018.05.09", "_type"=>"doc", "_id"=>nil, "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"Failed to parse mapping [default]: No field type matched on [float], possible values are [object, string, long, double, boolean, date, binary]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"No field type matched on [float], possible values are [object, string, long, double, boolean, date, binary]"}}}}}

`

How can this issue be resolved? I am not sure which field maps to float in the index. Please help.

field type change?

Yes. Thanks. I have changed the field types in the template from float to double and created a new index. But the new index is not taking effect. Logstash is still trying to send data to the old index and reporting the same error. What can I do now?

I have worked around this problem by copying the index into a backup using "/_reindex", deleting the index and creating a new index with each field mapping changed to be compatible with the 6 version.

yes 5 or 6 have some change. need test this.... update....

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.