I have a Win2012 R2 Server sending logs to Logstash via Winlogbeat. I see the logs in the logstash.log file, but each gets the error below.
:response=>{"index"=>{"_index"=>"winlogbeat-2016.08.07", "_type"=>"wineventlog", "_id"=>nil, "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"Failed to parse mapping [default]: No handler for type [keyword] declared on field [related_activity_id]", "caused_by"=>{"type"=>"mapper_parsing_exception", "reason"=>"No handler for type [keyword] declared on field [related_activity_id]"}}}}, :level=>:warn}
I'm new to the ELK stack and have searched and tried many things to fix this with no luck. I think I have the Winlogbeat template imported into Elasticsearch OK, as I see both the Filebeat and the Winlogbeat templates when I query it on port 9200.
ELK stack is running on Ubuntu 14.04 LTS and using Winlogbeat v1.2.3.
Any help would be very much appreciated.