I'm seeing this error in my Logstash logs:
[2017-12-22T15:16:21,203][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"my-index-2017-09", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x55937ff0>], :response=>{"index"=>{"_index"=>"my-index-2017-09", "_type"=>"doc", "_id"=>"L4fLfmAB04tAcouP6XEn", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [ip] tried to parse field [ip] as object, but found a concrete value"}}}}
I'm not sure how to find the actual raw data of the document it's trying to index though. I can't search Elasticsearch for it since the document doesn't exist in Elasticsearch since it hasn't been indexed. I also don't see any info that can tell me which document this error came from.
Any help would be appreciated. Thanks