Graylog Indexer failures High count

Graylog Central (peer support)
1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:

High Indexer failures count in Graylog

ElasticsearchException[Elasticsearch exception [type=mapper_parsing_exception, reason=failed to parse field [ListBaseType] of type [long] in document with id ‘7b9d7f71-6c9d-11f0-8093-005056a985bb’. Preview of field’s value: ‘GenericList’]]; nested: ElasticsearchException[Elasticsearch exception [type=illegal_argument_exception, reason=For input string: “GenericList”]];

Letter ID :

7b9d7f71-6c9d-11f0-8093-005056a985bb

2. Describe your environment:

  • OS Information: Ubantu linx

  • Package Version:: 6.0.20

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

Looking for source data that produce high indexer failures ,

not albe to trace in graylog or elesticserch

also configuration for Configure Failure Processing Inde in not avaiable in Graylog 6.0.20

4. How can the community help?

how to find source data for Indexer failures pls share any relevent command or steps to address this issue ,

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

2

Hello @raghuver,

If we just take the specific error provided, the issue stems from a field containg data that dones’t match it’s type. The field ListBaseType is expecting type long but contains a string, altering ListBaseType to type string will fix the immediate issue.

This article will run you through how to alter field types from within the Graylog UI.

3

Hi Wine,

Thank you for your response to the post — I’ll proceed with implementing the “Create a Field Type Profile” solution as suggested.

In addition, we’re looking to filter and identify the source data, as our environment hosts over 500 +machines. Specifically, we’re trying to extract the host’s remote IP from the source metadata.

However, we’re not seeing any output in Graylog search , when searching using filters such as the source field name, Letter ID, or index name (e.g., graylog_99). The journal logs also do not show any entries related to illegal_argument_exception, or similar error messages.

The Letter ID or Document ID related to the indexer failures appears in the error message itself, but we’re unable to use it effectively for filtering.

Could you please advise if there’s a way to apply a filter in the Graylog search or via CLI to identify indexer failure error messages?

Appreciate your help.