What to be used instead of "type"

Senthil_ak · October 23, 2019, 5:55pm

Hi Team,
I'm using type for separating the logs category, but in the logs file I am getting error (warning) message like below.

[2019-10-22T14:48:01,104][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: thetypeevent field won't be used to determine the document _type {:es_version=>7}

The document of logstash says to use the type for apache and other things.

_processing_apache_logs

Below is the config snippet.

grep 'replace => { "type"' /etc/logstash/conf.d/logstash.conf
  mutate {  replace => { "type" => "nginx_access" }}
  mutate {  replace => { "type" => "apache_access" }}
  mutate {  replace => { "type" => "sm_access" } }
  mutate {  replace => { "type" => "smps_logs" }}
  mutate {  replace => { "type" => "apigee_logs" }}

Let me know the correct way to categorize the logs.

Thanks

Badger · October 23, 2019, 6:29pm

If you are using it to separate the logstash processing you can continue to do so. If you want to suppress the warning then just rename it docType or something else.

If you want to use type to separate the documents in elasticsearch into different mapping types then you will not be able to do that in the future, because mapping types are going away.

Senthil_ak · October 23, 2019, 6:08pm

I am just using this as to search in Kibana easily as each has different grok pattern in my logstash config. So i guess i put something like docType or use Tags ?
Thanks

Badger · October 23, 2019, 6:22pm

Both good options.

system · November 20, 2019, 6:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.