What to be used instead of "type"

Hi Team,
I'm using type to separate the log categories, but in the log file I am getting an error (warning) message like the one below.

[2019-10-22T14:48:01,104][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}

The Logstash documentation says to use type for Apache and other things.


Below is the config snippet.

grep 'replace => { "type"' /etc/logstash/conf.d/logstash.conf
  mutate {  replace => { "type" => "nginx_access" }}
  mutate {  replace => { "type" => "apache_access" }}
  mutate {  replace => { "type" => "sm_access" } }
  mutate {  replace => { "type" => "smps_logs" }}
  mutate {  replace => { "type" => "apigee_logs" }}

Let me know the correct way to categorize the logs.


If you are using it to separate the logstash processing you can continue to do so. If you want to suppress the warning then just rename it docType or something else.

If you want to use type to separate the documents in elasticsearch into different mapping types then you will not be able to do that in the future, because mapping types are going away.

I am just using this to search in Kibana easily, as each has a different grok pattern in my Logstash config. So I guess I put something like docType or use Tags?

Both good options.
