Indexer Failures after upgrade to 2.3.1

(Shaun Hines) #1

I upgraded graylog to 2.3.1 and elasticsearch from 2 to 5.2.

According to the graylog console it can connect fine esearch after the upgrade, but now when I attempt to send syslog data I get the following index errors:

{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [facility], expected [true] or [false]"}}

Did I forget to perform a post upgrade step?

Index failures after upgrading to 2.3.1 from 2.2.3
(Shaun Hines) #2

I resolved the issue by rotating the index.

Can someone explain why it was necessary to rotate the index?

(Jochen) #3

Because there were breaking changes in the index mapping between Elasticsearch 2.x and 5.x.

Please refer to for details.

(system) closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.