Getting this error when trying to reindex old indexes (which were created in 5.6.x) thru Kibana's 7.0 Upgrade Assistant:
[mapper_parsing_exception][include_in_all] is not allowed for indices created on or after version 6.0 .0 as [_all] is deprecated. As a replacement, you can use an [copy_to] on mapping fields to create your own catch all field.::
{
"path": "/reindexed-v6-logstash-2019.01.05",
"query": {},
"body": "{\"settings\":{\"index.number_of_replicas\":\"0\",\"index.number_of_shards\":\"5\",\"index.priority\":\"100\",\"index.refresh_interval\":\"5s\"},\"mappings\":{\"syslog\":{\"dynamic_templates\":[{\"message_field\":{\"path_match\":\"message\",\"match_mapping_type\":\"string\",\"mapping\":{\"norms\":false,\"type\":\"text\"}}},{\"string_fields\":{\"match\":\"*\",\"match_mapping_type\":\"string\",\"mapping\":{\"fields\":{\"keyword\":{\"type\":\"keyword\"}},\"norms\":false,\"type\":\"text\"}}}],\"properties\":{\"@timestamp\":{\"type\":\"date\",\"include_in_all\":false},\"@version\":{\"type\":\"keyword\",\"include_in_all\":false},\"Amps\":{\"type\":\"float\"},\"LegNum\":{\"type\":\"long\"},\"PDUName\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}},\"geoip\":{\"dynamic\":\"true\",\"properties\":{\"ip\":{\"type\":\"ip\"},\"latitude\":{\"type\":\"half_float\"},\"location\":{\"type\":\"geo_point\"},\"longitude\":{\"type\":\"half_float\"}}},\"host\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}},\"logsource\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}},\"message\":{\"type\":\"text\",\"norms\":false},\"pid\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}},\"port\":{\"type\":\"long\"},\"program\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}},\"raw_input\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}},\"type\":{\"type\":\"text\",\"norms\":false,\"fields\":{\"keyword\":{\"type\":\"keyword\"}}}}}}}",
"statusCode": 400,
"response": "{\"error\":{\"root_cause\":[{\"type\":\"mapper_parsing_exception\",\"reason\":\"[include_in_all] is not allowed for indices created on or after version 6.0.0 as [_all] is deprecated. As a replacement, you can use an [copy_to] on mapping fields to create your own catch all field.\"}],\"type\":\"mapper_parsing_exception\",\"reason\":\"Failed to parse mapping [syslog]: [include_in_all] is not allowed for indices created on or after version 6.0.0 as [_all] is deprecated. As a replacement, you can use an [copy_to] on mapping fields to create your own catch all field.\",\"caused_by\":{\"type\":\"mapper_parsing_exception\",\"reason\":\"[include_in_all] is not allowed for indices created on or after version 6.0.0 as [_all] is deprecated. As a replacement, you can use an [copy_to] on mapping fields to create your own catch all field.\"}},\"status\":400}"
}
Looks like it's because it's trying to apply the syslog mapping which still has "_all" in it... How can I alter this mapping, so that I can successfully reindex these older files?