Hello,
I am currently running Graylog v2.4 on a CentOS VM and I am seeing this error
{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [facility], expected [true] or [false]"}}
I have already read it has something to do with inconsistent data types and that I need extractors and pipelines to fix this. If so, can someone please confirm that is what will fix this?
In addition, I am a little stuck when it comes to implementing the extractors/pipelines. I am already very much aware there sections in the Graylog and Elasticsearch documentation explaining how to do so. However, I do not understand the reading.
My setup thus far is filebeat on one host sending to logstash on another host, which sends to rabbitmq on the same host and is pulled by graylog on third host.
The messages ARE sending through the pipeline, however graylog will not process them.
Thank you in advance!
P.S - I will post whatever config file is needed to fix my problem, just left them out so my question doesn’t appear to be too overwhelming
oh and I noticed there were a few other questions like mine as I typed this out, however they were either never answered or given a super minimal solution in which the inquirer understood completely, but unfortunately I did not.