Hi Jochen, Thank you for your excellent accurate advice again. I'm back up and running.
-- Regards, Roland On Thu, Feb 11, 2016 at 11:49 PM, Jochen Schalanda <[email protected]> wrote: > Hi Roland, > > the old index template being used by Graylog 1.x isn't compatible anymore > with Elasticsearch 2.x. Just delete the old graylog-internal template > (see > https://www.elastic.co/guide/en/elasticsearch/reference/2.2/indices-templates.html#delete) > and restart Graylog. The new template will be created by Graylog on startup > and everything should work as expected. > > > Cheers, > Jochen > > On Thursday, 11 February 2016 11:03:04 UTC+1, Roland Hill wrote: >> >> >> Hi list, >> >> Whilst I had migrated from 1.2.3 to 2.0, I experienced issues with >> logstash not being able to create an index. Long story short, I deleted all >> historical indexes (graylog and logstash) and "dropped" the graylog mongodb >> database. >> >> Yes this is drastic, but this is a home system so all is okay :-) >> >> For background, I feed graylog messages from the logstash GELF output >> plugin (successfully working with graylog 1.3.3 and ES 1.75). >> >> Now, whilst the logstash index problem has been resolved, I can't get >> graylog to create an index in ES v2.2.0 and it appears to be related to a >> "MappingParsingException". >> >> Log snippet is below: >> >> 2016-02-11 22:41:17,256 INFO : org.graylog2.indexer.Deflector - Did not >> find an deflector alias. Setting one up now. >> 2016-02-11 22:41:17,262 INFO : org.graylog2.indexer.Deflector - There is >> no index target to point to. Creating one now. >> 2016-02-11 22:41:17,278 INFO : org.graylog2.indexer.Deflector - Cycling >> deflector to next index now. >> 2016-02-11 22:41:17,279 INFO : org.graylog2.indexer.Deflector - Cycling >> from <none> to <hill_log2_0> >> 2016-02-11 22:41:17,279 INFO : org.graylog2.indexer.Deflector - Creating >> index target <hill_log2_0>... >> 2016-02-11 22:41:17,325 ERROR: org.graylog2.periodical. >> IndexRotationThread - Couldn't point deflector to a new index >> org.elasticsearch.index.mapper.MapperParsingException: Failed to parse >> mapping [message]: Mapping definition for [_source] has unsupported >> parameters: [compress : true] >> at >> org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:332) >> ~[graylog.jar:?] >> at >> org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45) >> ~[graylog.jar:?] >> at >> org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:458) >> ~[graylog.jar:?] >> at >> org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:762) >> ~[graylog.jar:?] >> at >> org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231) >> ~[graylog.jar:?] >> at >> org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194) >> ~[graylog.jar:?] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >> [?:1.8.0_60] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >> [?:1.8.0_60] >> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_60] >> Caused by: org.elasticsearch.index.mapper.MapperParsingException: Mapping >> definition for [_source] has unsupported parameters: [compress : true] >> at >> org.elasticsearch.index.mapper.DocumentMapperParser.checkNoRemainingFields(DocumentMapperParser.java:171) >> ~[graylog.jar:?] >> at >> org.elasticsearch.index.mapper.DocumentMapperParser.checkNoRemainingFields(DocumentMapperParser.java:165) >> ~[graylog.jar:?] >> at >> org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:148) >> ~[graylog.jar:?] >> at >> org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:100) >> ~[graylog.jar:?] >> at >> org.elasticsearch.index.mapper.MapperService.parse(MapperService.java:435) >> ~[graylog.jar:?] >> at >> org.elasticsearch.index.mapper.MapperService.merge(MapperService.java:272) >> ~[graylog.jar:?] >> at >> org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:329) >> ~[graylog.jar:?] >> ... 8 more >> >> Can anyone offer any suggestions how I might debug this? Assuming its >> something to do with the "logstash pipeline", I have reviewed all my >> filters but nothing stands out to my somewhat untrained eye. >> >> Any pointers to get me looking in the right place would be appreciated. >> >> -- >> Roland >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/daf03b8f-db76-4968-b3d9-c93603918eca%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/daf03b8f-db76-4968-b3d9-c93603918eca%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CA%2BGGh2VkyAQVMXwMvxYvqZOdMz264ze4EGYxxOhyOa70h9CjfQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
