Indexer Failures after upgrade to 2.3.1

shines2 · August 28, 2017, 8:32pm

I upgraded graylog to 2.3.1 and elasticsearch from 2 to 5.2.

According to the graylog console it can connect fine esearch after the upgrade, but now when I attempt to send syslog data I get the following index errors:

{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [facility], expected [true] or [false]"}}

Did I forget to perform a post upgrade step?

shines2 · August 28, 2017, 8:48pm

I resolved the issue by rotating the index.

Can someone explain why it was necessary to rotate the index?

jochen · August 29, 2017, 7:00am

Because there were breaking changes in the index mapping between Elasticsearch 2.x and 5.x.

Please refer to https://www.elastic.co/guide/en/elasticsearch/reference/5.5/breaking-changes-5.0.html for details.

system · September 12, 2017, 7:00am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Indexer failures after upgrade to ES 5.5 Graylog Central (peer support)	7	2670	August 24, 2017
Get some error messages after Graylog Update Graylog Central (peer support)	2	554	September 12, 2017
Graylog index range causes problem after every index rotation Graylog Central (peer support)	7	1560	November 27, 2019
Recurring indexer failures Graylog Central (peer support)	3	821	April 21, 2021
Can't rotate index manually or automatically Graylog Central (peer support)	5	2915	February 26, 2019

Indexer Failures after upgrade to 2.3.1

Related topics