Hi Team,
Elasticsearch is throwing mapper_parsing_exception when we try to push logs to an index from different applications. As different applications generates logs with same field [whose type might differ], there are few cases where the records are failed to parse the field in the index.
For example:
-
Failed to parse field [service]
Index : test
Field : service
Value type expected : text
Value that was accepted by Elasticsearch: cassandra
Value that was rejected by Elasticsearch : kind=APIGatewayService, namespace=test, name=test_object, status={status=valid}
Occurrence of Mapper_parsing_exception: 56 hits (after installation time) -
Failed to parse field [responseObject.status]
Index : audit
Field : status
Value type expected : text
Actual Value(Rejected by ES) : details=cannot delete , Provisioner response timeout, sum=893981314, id=ba-9c9b-b4c6133f8eb8, status=delete-inprogress
Occurrence : 72 hits (after installation time)
Successful value(accepted by ES) : Success / Failure
These are couple of examples and we are facing this issue for other fields as well.
Is the above behavior expected? Is the above approach right? Are there any possible workarounds/suggestions to avoid the above situation?