Wrong format in ElasticSearch date mapping

Thanks for your response once again, you were exactly right. I am using a custom index template for all aforementioned indexes, which was the source of the problem. For future reference, I created my index template according to the template supplied in https://www.elastic.co/guide/en/elasticsearch/reference/6.8/indices-templates.html, e.g.:

{
  "index_patterns": [
    "api*"
  ],
  "order": 1,
  "mappings": {
    "_doc": {
      "properties": {
        "request_uri": {
          "type": "keyword"
        },
        "request_method": {
          "type": "keyword"
        },
        "status_code": {
          "type": "short"
        }
      }
    }
  }
}

Conversely, the Graylog documentation specifies a slightly different template format (https://docs.graylog.org/en/4.0/pages/configuration/elasticsearch.html#creating-a-new-index-template):

{
  "index_patterns": [
    "api*"
  ],
  "order": 1,
  "mappings": {
    "message": {
      "properties": {
        "request_uri": {
          "type": "keyword"
        },
        "request_method": {
          "type": "keyword"
        },
        "status_code": {
          "type": "short"
        }
      }
    }
  }
}

Note that the difference lies in the child element of mapping, which is _doc in the ElasticSearch documentation template, and message in the Graylog documentation template. This was what caused and subsequently fixed the exceptions; simply changing _doc to message in all relevant templates got rid of the exceptions.

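The mismatch above comes down to one key: an Elasticsearch 6.x index template carries exactly one mapping type, and Graylog expects that type to be named message. The script below is an added example, not code from the original post or from the Graylog project: it takes a template written in the Elasticsearch 6.8 documentation style, checks that it has a single mapping type, and rewrites the type to message without touching the field properties, so the same conversion can be applied to every custom template before it is pushed. The sample template, the template name custom-api and the base URL http://localhost:9200 are assumptions for illustration.

```python
"""Rewrite Elasticsearch 6.x index templates so Graylog 4.0 accepts them.

Graylog stores every document under the mapping type "message", while the
Elasticsearch 6.8 reference uses "_doc" in its examples.  A template whose
type key does not match Graylog's produces mapping exceptions when the next
index is created, so this converts the key and reports what changed.
"""
import copy
import json
import urllib.request

GRAYLOG_MAPPING_TYPE = "message"

# Constructed sample: the Elasticsearch-style template, as shown in the post.
ES_STYLE_TEMPLATE = {
    "index_patterns": ["api*"],
    "order": 1,
    "mappings": {
        "_doc": {
            "properties": {
                "request_uri": {"type": "keyword"},
                "request_method": {"type": "keyword"},
                "status_code": {"type": "short"},
            }
        }
    },
}


def mapping_type(template):
    """Return the single mapping type key of a 6.x template, or raise."""
    mappings = template.get("mappings")
    if not isinstance(mappings, dict) or not mappings:
        raise ValueError("template has no 'mappings' object")
    # An ES 7 style (typeless) template puts 'properties' directly under
    # 'mappings'; 6.8 with Graylog needs an explicit type key instead.
    if "properties" in mappings:
        raise ValueError("typeless mapping; Elasticsearch 6.8 needs a type key")
    types = list(mappings)
    if len(types) != 1:
        raise ValueError("expected exactly one mapping type, got %r" % types)
    return types[0]


def to_graylog_template(template):
    """Return a copy whose mapping type is 'message'; properties are kept."""
    out = copy.deepcopy(template)
    old = mapping_type(out)
    if old != GRAYLOG_MAPPING_TYPE:
        out["mappings"] = {GRAYLOG_MAPPING_TYPE: out["mappings"][old]}
    return out


def convert_all(templates):
    """Convert {name: template}; return (converted dict, names that changed)."""
    converted, changed = {}, []
    for name, template in templates.items():
        new = to_graylog_template(template)
        if new != template:
            changed.append(name)
        converted[name] = new
    return converted, changed


def put_template(name, template, base_url="http://localhost:9200"):
    """PUT the template to Elasticsearch via the index-template API.

    The base URL is an assumption; Graylog picks the template up when it
    creates the next index, so an index rotation is still needed afterwards.
    """
    body = json.dumps(to_graylog_template(template)).encode()
    req = urllib.request.Request(
        "%s/_template/%s" % (base_url, name),
        data=body,
        method="PUT",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    fixed, changed = convert_all({"custom-api": ES_STYLE_TEMPLATE})
    print("rewritten templates:", changed)
    print(json.dumps(fixed["custom-api"], indent=2))
```

Running the script offline prints the converted template with message as the mapping type; calling put_template against a reachable Elasticsearch 6.8 node uploads it under the given name. Templates that already use message pass through unchanged, and typeless or multi-type templates are rejected rather than silently rewritten.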