Hi,
I'm currently trying to fix the following error:
index [log-2020-05-04], type [_doc], id [someid], message [ElasticsearchException[Elasticsearch exception [type=mapper_parsing_exception, reason=object mapping for [ClientIP] tried to parse field [ClientIP] as object, but found a concrete value]]]
I noticed the ip had a "keyword" type. After some research I noticed all IPv6 addresses caused the issue, so I changed the ip field type to "ip" after following this link:
https://www.elastic.co/guide/en/elasticsearch/reference/current/ip.html
I modified the index templates to match this - see at the bottom:
{
  "index_patterns" : [
    "log-*"
  ],
  "mappings" : {
    "properties": {
      "UserAgent": {
        "properties": {
          "name": {
            "type": "keyword"
          },
          "os_major": {
            "type": "keyword"
          },
          "patch": {
            "type": "keyword"
          },
          "os_name": {
            "type": "text",
            "fields": {
              "keyword": {
                "ignore_above": 256,
                "type": "keyword"
              }
            }
          },
          "minor": {
            "type": "keyword"
          },
          "device": {
            "type": "keyword"
          },
          "os_minor": {
            "type": "keyword"
          },
          "build": {
            "type": "keyword"
          },
          "major": {
            "type": "keyword"
          },
          "os": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          }
        }
      },
      "WAFFlags": {
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        },
        "type": "text"
      },
      "ClientSSLProtocol": {
        "fields": {
          "keyword": {
            "ignore_above": 256,
            "type": "keyword"
          }
        },
        "type": "text"
      },
      "WAFRuleID": {
        "type": "text",
        "fields": {
          "keyword": {
            "ignore_above": 256,
            "type": "keyword"
          }
        }
      },
      "EdgeColoID": {
        "type": "long"
      },
      "ClientIP": {
        "properties": {
          "ip": {
            "type": "ip"
          },
The new index I'm currently pushing the log files into has the correct mapping, but I still get the error I gave at the beginning.
Any help would be much appreciated; if needed I'll give more information regarding configurations,
Ian
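
Added example, not part of the original post: a pre-flight check for the condition the error message names, a field mapped as an object (it has "properties") receiving a plain value, so rejected WAF log events are caught before bulk indexing. The mapping is trimmed from the template above; the sample documents and the function name `object_mapping_conflicts` are constructed for illustration.

```python
# Added example: find fields the mapping declares as objects but the
# document supplies as concrete values (the mapper_parsing_exception case).

MAPPING = {  # trimmed from the template in the post
    "properties": {
        "EdgeColoID": {"type": "long"},
        "ClientIP": {"properties": {"ip": {"type": "ip"}}},
    }
}

# Constructed sample documents (not taken from the post).
DOC_FLAT = {"EdgeColoID": 42, "ClientIP": "2001:db8::1"}
DOC_NESTED = {"EdgeColoID": 42, "ClientIP": {"ip": "2001:db8::1"}}


def is_object_field(field):
    """A field is an object if it has sub-properties or an object/nested type."""
    return "properties" in field or field.get("type") in ("object", "nested")


def object_mapping_conflicts(mapping, doc, prefix=""):
    """Return dotted paths of object-mapped fields that hold concrete values."""
    conflicts = []
    props = mapping.get("properties", {})
    for name, value in doc.items():
        field = props.get(name)
        # Unmapped keys (including dotted keys such as "ClientIP.ip")
        # are left to dynamic mapping and are not checked here.
        if field is None or not is_object_field(field):
            continue
        path = prefix + name
        # An array is checked element by element; null is always accepted.
        items = value if isinstance(value, list) else [value]
        for item in items:
            if item is None:
                continue
            if isinstance(item, dict):
                conflicts += object_mapping_conflicts(field, item, path + ".")
            elif path not in conflicts:
                conflicts.append(path)
    return conflicts


if __name__ == "__main__":
    for label, doc in (("flat", DOC_FLAT), ("nested", DOC_NESTED)):
        print(label, object_mapping_conflicts(MAPPING, doc))
```
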