Could not index event to Elasticsearch.
willie-lin opened this issue · 0 comments
willie-lin commented
logstash | [2019-04-29T15:33:41,424][WARN ][logstash.outputs.elasticsearch]
Could not index event to Elasticsearch.
{:status=>400, :action=>["index", {:_id=>nil,
:_index=>"snort-1.0.0-2019.04.29", :_type=>"doc",
:routing=>nil}, #LogStash::Event:0x2717df61],
:response=>{"index"=>{"_index"=>"snort-1.0.0-2019.04.29", "_type"=>"doc",
"_id"=>"eBW6aWoBhbNbdByl8QlP", "status"=>400,
"error"=>{"type"=>"mapper_parsing_exception",
"reason"=>"failed to parse field [event.host] of type [keyword]",
"caused_by"=>{"type"=>"illegal_state_exception",
"reason"=>"Can't get text on a START_OBJECT at 1:115"}}}}}