Hey guys,
I've installed a new ELK Stack.
I want to filter some Cisco ASA firewall logs and tried to find the best filters.
Because of some strange behavior, I went to the main configuration without filters (only input via syslog and output to Elasticsearch).
Now I get messages like this all the time:
[2017-06-19T22:26:52,600][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch.{status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2017.06.19", :_type=>"logs", :_routing=>nil}, 2017-06-19T20:26:52.548Z %{host} 2017-06-19T20:26:52.735Z 1.2.3.4 <167>Jun 19 2017 22:26:55: %ASA-7-710006: VRRP request discarded from 4.5.6.7 to OUTSIDE:224.0.0.45
], :response=>{"index"=>{"_index"=>"logstash-2017.06.19", "_type"=>"logs", "_id"=>"AVzCET7ojGYkI8OXhKm0", "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"Mapper for [@timestamp] conflicts with existing mapping in other types:\n[mapper [@timestamp] is used by multiple types. Set update_all_types to true to update [format] across all types.]"}}}}
I've already deleted all indices, but it is still not working.
Does anyone have an idea?
Best Regards
Daniel