Expected a boolean [true/false] for property [index] but got [not_analyzed]

Good afternoon

Just trying to understand what action I should be taking in response to this recurring message in /var/log/graylog/elasticsearch/graylog_deprecation.log

...
[2018-11-05T11:45:46,114][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:45:50,987][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:46:02,739][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:46:02,740][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,059][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,487][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,487][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
[2018-11-05T11:48:34,487][WARN ][o.e.d.i.m.TypeParsers    ] Expected a boolean [true/false] for property [index] but got [not_analyzed]
...

Wasn’t able to identify from previous similar posts what action to take.

From "ES high GC overhead issue", the indication was that there might be a field called ‘index’. Using the Get Field Mapping API, I haven’t been able to identify a field called index for the active write index or the index before that; the first few fields of the output are included below.

Also queried the Index Template API with
curl -X GET "xxxx:9200/_template/?pretty=true"
But there are only five fields specified there, full_message, streams, source, message and timestamp, which I think must be default because we have never put any other mappings.

Am seeing a recurring issue where one of my nodes builds up a large number of unprocessed messages in the journal and I’m keen to run down all elasticsearch issues in the logs to rule them out.

curl -X GET "xxxx:9200/graylog_3078/_mapping/_all?pretty=true"
{
  "graylog_3078" : {
    "mappings" : {
      "message" : {
        "dynamic_templates" : [
          {
            "internal_fields" : {
              "match" : "gl2_*",
              "mapping" : {
                "type" : "keyword"
              }
            }
          },
          {
            "store_generic" : {
              "match" : "*",
              "mapping" : {
                "index" : "not_analyzed"
              }
            }
          }
        ],
        "properties" : {
          "LoggerName" : {
            "type" : "keyword"
          },
          "TraceToken" : {
            "type" : "keyword"
          },
          "accountHolder" : {
            "type" : "keyword"
          },

Hi @cdeng were you able to get to a solution for ES high GC overhead issue?

Please do not try to fix that. The message is in the deprecation logfile and we are aware of that. With the upcoming versions of Graylog this will be fixed.

Good evening @jan

Thanks very much for the clear response! Gives me an idea of the purpose of graylog_deprecation.log too. I will direct myself to other recurring errors.
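
Added example (not part of the thread and not Graylog or Elasticsearch code): the warning is about the `index` mapping parameter, not a field named index, and in the mapping pasted in the first post it appears inside the `store_generic` dynamic template. The sketch below walks mapping JSON and reports where such a value sits; the sample is constructed from the excerpt above, and the extra property named `index` and the function name are hypothetical.

```python
import json
import sys

# Constructed sample shaped like the truncated mapping output in the first post.
# The property literally named "index" is hypothetical, added to show that a
# field with that name is not what the deprecation warning is about.
SAMPLE_MAPPING = json.loads("""
{
  "graylog_3078": {"mappings": {"message": {
    "dynamic_templates": [
      {"internal_fields": {"match": "gl2_*", "mapping": {"type": "keyword"}}},
      {"store_generic": {"match": "*", "mapping": {"index": "not_analyzed"}}}
    ],
    "properties": {
      "LoggerName": {"type": "keyword"},
      "index": {"type": "keyword", "index": true}
    }
  }}}
}
""")


def find_non_boolean_index(node, path=""):
    """Return (path, value) for each scalar "index" setting that is not a boolean."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}/{key}" if path else key
            if key == "index" and not isinstance(value, (dict, list)):
                # Assumption: the string forms "true"/"false" are accepted as well.
                if not (isinstance(value, bool) or value in ("true", "false")):
                    hits.append((child, value))
            else:
                # A dict under "index" is a field definition, so keep descending.
                hits.extend(find_non_boolean_index(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_non_boolean_index(item, f"{path}[{i}]"))
    return hits


if __name__ == "__main__":
    # Optional argument: a file holding saved _mapping or _template output.
    data = SAMPLE_MAPPING
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for where, value in find_non_boolean_index(data):
        print(f"{where} = {value!r}")
```
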
