I am getting the following error:
[2018-07-02T13:53:58,975][DEBUG][o.e.a.b.TransportShardBulkAction] [syslog-2018.07.02][3] failed to execute bulk item (index) BulkShardRequest [[syslog-2018.07.02][3]] containing [7] requests
org.elasticsearch.index.mapper.MapperParsingException: object mapping for [host] tried to parse field [host] as object, but found a concrete value
When I do a GET /syslog-2018.07.02/_mapping, I get for "host":
},
"host": {
"properties": {
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
Any idea what if this is the mapping I should be looking at and what I should be changing?
As I am no longer able to delete index mapping, I deleted the index, but the issue is continuing. I also see the following error:
Caused by: java.lang.IllegalStateException: Can't get text on a START_OBJECT at 1:71
I uninstalled and reinstalled the logstash plugin for syslog and the concrete error went away, however I'm still getting the "failed to parse [host]" error. When I do a search for today's syslog index mappings I can see where the host field is mapped, however I am unable to find the template that is being used to create the index mapping. Does anyone know where that template is? I'm unable to map it to anything that I find when I do a "GET /_template".
I uninstalled and reinstall the syslog plugin for logstash and that resolved some of my issues, but I was never able to determine how to edit that template.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.