1. Describe your incident:
Im getting graylog errors that look like this:
graylog-1 | 2025-04-07 12:52:32,064 ERROR: org.graylog2.indexer.messages.ChunkedBulkIndexer - Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: failure in bulk execution:
When I go to System overview → Indexer failures I see this:
OpenSearchException[OpenSearch exception [type=mapper_parsing_exception, reason=object mapping for [attr.uuid] tried to parse field [uuid] as object, but found a concrete value]]
I dont know where to take it from there. Havent been able to dig anything up by searching for these errors.
I suspect messages in question may be of the form:
Apr 07 16:57:04 phoenix.home unifi[1916396]: unifi-db | {"t":{"$date":"2025-04-07T14:57:04.796+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn62663","msg":"Connection ended","attr":{"remote":"127.0.0.1:53640","uuid":{"uuid":{"$uuid":"33bc3411-ed58-46da-bbb5-bddd6faf7e5c"}},"connectionId":62663,"connectionCount":7}}
At least thats the only place I find messages that literally contain uuid. It’s also a key of an object called attr, and I do try to parse this as json. And the uuid key in my json does have a value that is a new object, not a literal uuid string.
But where to go from there i dont know. Can I make graylog not want to read this object value as a uuid?
2. Describe your environment:
- OS Information:
The graylog docker image Im running is running Ubuntu 22.04.5 LTS. The docker image is docker.io/graylog/graylog:6.1.10
I have pretty much followed the tutorial for running it with docker compose here:
- Package Version:
6.1.10
- Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I have tried searching for these error messages, found nothing useful.
4. How can the community help?
Show me how to make these errors go away.
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]