Hi Jochen,
Thank you for your response, using the format for the template that you
proposed still getting an error.
I dont really get what you mean by "name of the document type".
This is one from the messaged I am trying to parse :
{"timestamp":1451857664,"status":200,"request":{"type":"version"},"value":{"protocol":"7.0","agent":"1.1.0","info":{"product":"jboss","vendor":"RedHat","version":"7.2.0.Final"}}}
And using "$.status" for JSON extract "result" to string.
Thank you very much, I appreciate your help.
Error:
INFO [DeflectorResource] Cycling deflector. Reason: REST request.
2016-01-04_12:23:44.51366 INFO [Deflector] Cycling deflector to next index
now.
2016-01-04_12:23:44.51511 INFO [Deflector] Cycling from <graylog_24> to
<graylog_25>
2016-01-04_12:23:44.51571 INFO [Deflector] Creating index target
<graylog_25>...
2016-01-04_12:23:44.56285 ERROR [AnyExceptionClassMapper] Unhandled
exception in REST resource
2016-01-04_12:23:44.56596
org.elasticsearch.index.mapper.MapperParsingException: mapping [message]
2016-01-04_12:23:44.56864 at
org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$2.execute(MetaDataCreateIndexService.java:394)
2016-01-04_12:23:44.56932 at
org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:374)
2016-01-04_12:23:44.57054 at
org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:204)
2016-01-04_12:23:44.57104 at
org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:167)
2016-01-04_12:23:44.57300 at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
2016-01-04_12:23:44.57447 at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
2016-01-04_12:23:44.57450 at java.lang.Thread.run(Thread.java:745)
2016-01-04_12:23:44.57483 Caused by:
org.elasticsearch.index.mapper.MapperParsingException: Root type mapping
not empty after parsing! Remaining fields: [result : {type=string}]
2016-01-04_12:23:44.57589 at
org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:278)
2016-01-04_12:23:44.57635 at
org.elasticsearch.index.mapper.DocumentMapperParser.parseCompressed(DocumentMapperParser.java:192)
2016-01-04_12:23:44.57753 at
org.elasticsearch.index.mapper.MapperService.parse(MapperService.java:449)
2016-01-04_12:23:44.57799 at
org.elasticsearch.index.mapper.MapperService.merge(MapperService.java:307)
2016-01-04_12:23:44.57882 at
org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$2.execute(MetaDataCreateIndexService.java:391)
2016-01-04_12:23:44.57935 ... 6 more
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/a36207de-76e0-4ceb-94b6-980c29a8e953%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
