Failed to parse field [host] of type [text] after upgrade from 7.17 to 8.12

snakeapit · February 20, 2024, 11:41pm

Seeing this error below in logstash after upgrade from 7.17 to 8.12, data unable to index to Elasticsearch.

I'm new in Elastics, hopefully someone can assist here. Suspect the change in version 8.12 causing different type for the default field "host"

response=>{"index"=>{"status"=>400, "error"=>{"type"=>"document_parsing_exception", "reason"=>"[1:888] failed 
to parse field [host] of type [text] in document with id 'XXX-XXX-CUCM-1_4_236ab2df-4e78-44e4-b759-53ad3c48b763'. Preview of field's value: '{na
me=teknslev02esl}'", "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:865"}}}}}
[2024-02-16T15:34:32,095][WARN ][logstash.outputs.elasticsearch][cucm-cdr][cucm-cdr-output] Could not index event to Elasticsearch. {:status=>40
0,

Badger · February 21, 2024, 12:14am

See this thread.

Not sure what changed between 7.17 and 8.12. Perhaps the change in ECS compatibility described in the Breaking changes section of the 8.0 release notes.

snakeapit · March 11, 2024, 10:37pm

Thanks @Badger for your input. The issue resolved by adding the following to .conf file

mutate {
    rename => { "[host][name]" => "host" }
}

system · April 8, 2024, 10:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash failed to parse field [host] of type [text] in document Logstash	2	985	October 9, 2023
Logstash upgrade issue (Upgrade from 7.17.5 to 8.13.24 Logstash migration	2	150	June 14, 2024
Failed to parse field [data] of type [text] Logstash	2	2612	October 28, 2024
Failed to parse field Logstash	5	1894	September 9, 2021
This error seems to be related to mapping issues in Elasticsearch, Logstash	3	183	November 4, 2023

Failed to parse field [host] of type [text] after upgrade from 7.17 to 8.12

Related Topics