Upgraded ES 5.6 > 6.1 Now _bulk not accepting header text/json

ericohtake · December 19, 2017, 2:13pm

Hello,
Today we updated ES to version 6.1 coming from 5.6 and all went good except for indexing Linux logs via a RSYSLOG plugin called omelasticsearch. I've setup an error output file that tells that the Content-Type header text/json is not supported. Is there any change thay might be causing this problem? I mean, propably the maintainer of this plugin will have to change its configuration somehow.

Below the response the application is getting from Elasticsearch after posting that data using the _bulk api. I had the syslog not being delivered after the upgrade, and only. All the rest are working fine.

{
        "request":      {
                "url":  "http://elasticsearch:9200/_bulk",
                "postdata":     "{\"index\":{\"_index\": \"rsyslog-2017-12-19\",\"_type\":\"syslog\"}}\n{\"timestamp\":\"2017-12-19T22:31:29+09:00\",\"message\":\" Starting Session 57613 of user root.\",\"host\":\"somehost\",\"severity\":\"info\",\"facility\":\"daemon\",\"syslogtag\":\"systemd:\"}\n"
        },
        "reply":        {
                "error":        "Content-Type header [text/json; charset=utf-8] is not supported",
                "status":       406
        }
}

Any help would be greatly appreciated.

jasontedor · December 19, 2017, 2:41pm

It should be Content-Type: application/json (the UTF-8 option is fine too).

ericohtake · December 19, 2017, 11:54pm

Thank you Jason. There was a specific change in place that made ES not accept what this plugin was sending to version 5.6?

jasontedor · December 20, 2017, 12:41am

Yes. See our blog post on strict content-type header parsing.

ericohtake · December 20, 2017, 11:57am

Thank you Jason. My bad, ,it seems that this change is up for some time already, and I've just noticed it upon upgrading to 6.1.
This post clarifies all. It seems there is a fix on 8.30 version of RSYSLOG, but it is still not in the RHEL repositories, we will update it manually.

jasontedor · December 20, 2017, 12:10pm

You're welcome!

ericohtake · December 20, 2017, 1:03pm

Well, for those interested, don't update RSYSLOG just yet. It seems there is a nasty bug in the omelasticsearch module that need to have the fix pushed.

system · January 17, 2018, 1:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Upgrading ES and logstash Logstash	1	364	June 4, 2018
Node - Bulk indexing not working - Content-Type header [application/x-ldjson] is not supported Elasticsearch	8	6059	February 11, 2018
"error" : "Content-Type header [application/x-www-form-urlencoded] is not supported", Elasticsearch	6	12751	June 9, 2020
Content type header application/x-ldjson not supported Elasticsearch	2	737	December 21, 2017
Json parse exception with status 500 post upgrade to 7.4.0 Elasticsearch	3	1459	October 30, 2019

Upgraded ES 5.6 > 6.1 Now _bulk not accepting header text/json

Related Topics