Good afternoon
Just trying to understand what action i should be taking in response to this recurring message in /var/log/graylog/elasticsearch/graylog_deprecation.log
...
[2018-11-05T11:45:46,114][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:45:50,987][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:46:02,739][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:46:02,740][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,059][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,487][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,487][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,487][WARN ][o.e.d.i.m.TypeParsers ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
...
Wasn’t able to identify from previous similar posts what action to take.
From ES high GC overhead issue The indication was that there might be a field called ‘index’. Using the Get Field Mapping API I haven’t been able to identify a field called index for the active write index, or the index before that, first few fields of the output included below.
Also queried the Index Template API with
curl -X GET “xxxx:9200/_template/?pretty=true”
But there are only five fields specified there, full_message, streams, source, message and timestamp, which I think must be default because we have never put any other mappings.
Am seeing a recurring issue where one of my nodes builds up a large number of unprocessed messages in the journal and I’m keen to run down all elasticsearch issues in the logs to rule them out.
curl -X GET "xxxx:9200/graylog_3078/_mapping/_all?pretty=true"
{
"graylog_3078" : {
"mappings" : {
"message" : {
"dynamic_templates" : [
{
"internal_fields" : {
"match" : "gl2_*",
"mapping" : {
"type" : "keyword"
}
}
},
{
"store_generic" : {
"match" : "*",
"mapping" : {
"index" : "not_analyzed"
}
}
}
],
"properties" : {
"LoggerName" : {
"type" : "keyword"
},
"TraceToken" : {
"type" : "keyword"
},
"accountHolder" : {
"type" : "keyword"
},