Fields show unknown type after Graylog Update from 2.4 to 3.2

ride4fun · May 17, 2020, 8:20pm

Hi!
We updated our logging system from Graylog2.4/ES2.x to Graylog3.2/ES5.6. According to the upgrade path no ES-reindexing was done neither should it be neccessary.
Unfortunately all the log fields show type ‘unknown’ now and if new data reaches a specific field its type shows ‘compound(string,unknown)’. New Fields with only ‘fresh’ data show the correct field type.
We recognized, that at least the ‘Show top values’ function does not work with ‘unknown’ fields.
Is there - beside reindexing - any known way to solve this problem? If not, do we have to expect further troubles with the ‘unknown’ fields?

Thanks in advance and Best Regards!

jan · May 18, 2020, 12:37pm

he @ride4fun

I guess you have done the elasticsearch upgrade similar to this one?

You might find some old threads in this community that can help you with that. I can’t remember any special problems/cases for the Elasticsearch 2 to 5 update… but my last is some years back.

system · June 1, 2020, 12:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog extractor data type problem Graylog Central (peer support)	4	887	September 9, 2020
Find source of compound fields Graylog Central (peer support)	4	1037	June 23, 2020
Deleted fields still appear in search Graylog Central (peer support)	12	690	January 17, 2022
Problem after updating graylog version Graylog Central (peer support)	5	651	December 16, 2022
ES fielddata java exception has broken graylog Graylog Central (peer support)	8	1048	May 14, 2019

Fields show unknown type after Graylog Update from 2.4 to 3.2

Related topics