Error in Parsing logs

Hi,

My logstash configuration is:

input {
  file {
    path => "/opt/XXX/*.txt"
    start_position => "beginning"
    add_field => [ "log_type","xyz" ]
  }
}

# The filter part of this file is commented out to indicate that it is
# optional.
filter {
  if [log_type] == "xyz" {
    dissect {
      mapping => {
        message => "%{act}|%{yui}|%{dsd}|%{ds}|%{ds}|%{dd}"
      }
    }
  }
}

output {
  elasticsearch {
    hosts => ["eee"]
    manage_template => false
    user => QQQ
    password => WER
    index => "ert"
  }
  stdout {
    codec => rubydebug
  }
}

Earlier, it was working fine. Now it is throwing the error:
Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}

I have used "log_type" and not "type". It is throwing the error now also.
Please help.

Hi @shruti51,

It would be much easier to read your config if you would format your post better. Also, you ask a Logstash question in the Elasticsearch forum...

add_field should be a hash, not an array. I would start with changing that. And you are not assigning the value to log_type as you expect.

Try something like

input {
  file {
    path => "/opt/XXX/*.txt"
    start_position => "beginning"
    add_field => {
      "log_type" => "xyz"
    }
  }
}

-AB
