You are using a deprecated config setting "document_type" set in elasticsearch
Closed this issue · 2 comments
Hello All,
Fairly new to ELK stack I did encountered the following warning below during my setup.
'[WARN ][logstash.outputs.elasticsearch] You are using a deprecated config setting "document_type" set in elasticsearch. Deprecated settings will continue to work, but are scheduled for removal from logstash in the future. Document types are being deprecated in Elasticsearch 6.0, and removed entirely in 7.0. You should avoid this feature If you have any questions about this, please visit the #logstash channel on freenode irc. {:name=>"document_type", :plugin=><LogStash::Outputs::ElasticSearch bulk_path=>"/_xpack/monitoring/_bulk?system_id=logstash&system_api_version=6&interval=1s", hosts=>[http://localhost:9200], sniffing=>false, manage_template=>false, id=>"aa9ca250418a0d4ca15e4f43714f32837666af91a6d80d8f12351a90b6be9d81", document_type=>"%{[@metadata][document_type]}", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_993be7a6-e875-499f-93e7-aa84272d4faa", enable_metric=>true, charset=>"UTF-8">, workers=>1, template_name=>"logstash", template_overwrite=>false, doc_as_upsert=>false, script_type=>"inline", script_lang=>"painless", script_var_name=>"event", scripted_upsert=>false, retry_initial_interval=>2, retry_max_interval=>64, retry_on_conflict=>1, ilm_enabled=>false, ilm_rollover_alias=>"logstash", ilm_pattern=>"{now/d}-000001", ilm_policy=>"logstash-policy", action=>"index", ssl_certificate_verification=>true, sniffing_delay=>5, timeout=>60, pool_max=>1000, pool_max_per_route=>100, resurrect_delay=>5, validate_after_inactivity=>10000, http_compression=>false>}
[2019-06-06T14:14:01,621][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>".monitoring-logstash", "pipeline.workers"=>1, "pipeline.batch.size"=>2, "pipeline.batch.delay"=>50}
[2019-06-06T14:14:01,640][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2019-06-06T14:14:01,648][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2019-06-06T14:14:01,656][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>6}
[2019-06-06T14:14:01,656][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2019-06-06T14:14:01,680][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200"]}
[2019-06-06T14:14:01,728][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>".monitoring-logstash", :thread=>"#<Thread:0x1fdf29b6 sleep>"}
[2019-06-06T14:14:01,737][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:synlite_snort, :".monitoring-logstash"], :non_running_pipelines=>[]}
[2019-06-06T14:14:02,134][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}'
Please let me know what particular changes do I need to make.
Thanks and cheers!
Those are just deprecation warnings. For Elastic Stack 7.x an update will be necessary as I have recently completed for other solutions.
Thank you so much for the confirmation. I encountered a new error that I will be posting as a new ticket.