OK, so I see that new ELK doesn't have multiple mapping types. Had tons of errors, and believed I fixed it by removing the additional types being added at my logstash level. However, although all my data appears to be coming through I keep getting a mapping error every so many seconds about two types trying to be mapped. Is it possibly in my index? If someone with a little more experience could help me decipher what I believe is the index template used to create my daily index and let me know, I'd appreciate it!
I appreciate your response. When you said that, that got me thinking about checking all the servers to see if maybe any of them were pointing to a logstash server maybe I didn't know about(I didn't set up the system, and assumed any logstash node would show up in the cluster info, but you never know).
Well, lo and behold that investigating paid off and I found 9 or 10 servers with filebeat installed on them that were bypassing a logstash server and sending the data straight to the elasticsearch node. I didn't even think that was possible! But, after I fixed those, the errors have now gone away.
Although maybe you didn't point out the solution directly, you did help me get to the bottom of this by getting me on the right path, so thank you!!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.