robcowart/elastiflow

Mapper_parsing_exception

Sc-Mae opened this issue · 2 comments

Setup:
Docker deployment with 1x Elasticsearch, 1x elastiflow, 1x kibana and 1 wazuh container.

I don't get any data from the elastiflow configs. It can find the Index Pattern but not the data.
I also have some other configs running which are working fine.

Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"elastiflow-4.0.1-2021.10.14", :rauting=>nil, :_type=>"_doc"}, #LogStash::Event:0xded7223], :response=>{"index"=>{"_index"=>"elastiflow-4.0.1-2021.10.14", "_type"=>"_doc", "_id"=>"L5oPfnwB0BgAuu9GOzzv", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value"}}}}

I already updated the configs to the newest and also the template file as well.

@user4532452 as explained in README.md the legacy ElastiFlow solution is deprecated in favor of the new ElastiFlow solution based on the all-new Unified Flow Collector. Our focus is entirely on the new solution, and I encourage you to give it a try. You will find that it has A LOT of advantages over Logstash.

Thank you