Hello!
I'm using Elastic stack to collect logs from application nodes. My setup is: Filebeat -> Logstash -> Elasticsearh.
I have upgraded my cluster from version 5.6 to version 6.0. Cluster consists of 5 nodes: 1 master, 2 hot nodes, 2 cold nodes.
Elasticsearch has been upgraded on all nodes plus Logstash node. Also I did changes in index template.
Now it looks like this:
{
"index_patterns": "logstash-*",
"settings": {
"index.refresh_interval": "5s",
"index.number_of_shards": 2,
"index.number_of_replicas": 1,
"index.routing.allocation.require.box_type": "hot"
},
"mappings": {
"_default_": {
"_all": {
"enabled": false,
"omit_norms": true
},
"dynamic_templates": [
{
"message_field": {
"match": "message",
"match_mapping_type": "string",
"mapping": {
"type": "text",
"index": "analyzed",
"omit_norms": true
}
}
},
{
"strings": {
"match": "*",
"match_mapping_type": "string",
"mapping": {
"type": "text",
"index": "analyzed",
"omit_norms": true,
"fields": {
"keyword": {
"type": "text",
"index": "not_analyzed",
"ignore_above": 256
}
}
}
}
}
],
"properties": {
"@version": {
"type": "text"
},
"geoip": {
"type": "object",
"dynamic": true,
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
}
}
Unfortunately, I still can't get new data, only error in Logstash:
[WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-application-2017.12.12-11", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x276c821b>], :response=>{"index"=>{"_index"=>"logstash-application-2017.12.12-11", "_type"=>"doc", "_id"=>nil, "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"Failed to parse mapping [_default_]: No handler for type [string] declared on field [@version]", "caused_by"=>{"type"=>"mapper_parsing_exception", "reason"=>"No handler for type [string] declared on field [@version]"}}}}}
