Hi Enrico, please check the logs of your Elasticsearch node(s) for errors (or use Graylog to view the complete error messages, if they are indexed anyway).
There will probably be some mapping exceptions which will also tell you the offending field. If you have found the offending field, you might want to create a custom Elasticsearch index mapping: http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#custom-index-mappings

Cheers,
Jochen

On Tuesday, 30 August 2016 15:28:26 UTC+2, Enrico wrote:
> Dear All,
> I'm using the Graylog virtual machine version for managing all messages of
> servers and network equipment.
> To log all the hostnames in the messages from Cisco equipment I had
> to add a local input named Cisco Catalyst,
> that I've downloaded from the marketplace.
>
> After this installation I noticed that the number of recorded messages has
> increased a lot and the top source has become
> Elasticsearch. For example, I see a lot of these messages:
>
> Timestamp                source         message
> 2016-08-30 15:25:31.546  elasticsearch  ... 22 more
> 2016-08-30 15:25:31.546  elasticsearch  at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:321)
> 2016-08-30 15:25:31.545  elasticsearch  at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:241)
> 2016-08-30 15:25:31.544  elasticsearch  at org.elasticsearch.index.mapper.core.LongFieldMapper.innerParseCreateField(LongFieldMapper.java:275)
> 2016-08-30 15:25:31.542  elasticsearch  at org.elasticsearch.common.xcontent.support.AbstractXContentParser.longValue(AbstractXContentParser.java:145)
> 2016-08-30 15:25:31.541  elasticsearch  at java.lang.Long.parseLong(Long.java:631)
> 2016-08-30 15:25:31.540  elasticsearch  at java.lang.Long.parseLong(Long.java:589)
>
> Can anyone explain that behaviour? How can I drop these messages?
> Thanks a lot!
> Best Regards
> Enrico
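Added example, not part of the original thread and not Graylog or Elasticsearch project code: a small Python script that pulls the offending field out of mapping-exception log lines and builds a custom index mapping for it, as the reply above suggests. The log lines, the field names `interface_id` and `vlan`, the assumed Elasticsearch 2.x message format, and the `graylog_*` template layout are assumptions made for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample lines; the message format is an assumption modelled on
# Elasticsearch 2.x mapping errors, and the field names are hypothetical.
SAMPLE_LOG = """\
[2016-08-30 15:25:31,540][DEBUG][action.bulk] [node-1] [graylog_0][0] failed to execute bulk item (index)
MapperParsingException[failed to parse [interface_id]]; nested: NumberFormatException[For input string: "Gi1/0/1"];
Caused by: java.lang.NumberFormatException: For input string: "Gi1/0/1"
\tat java.lang.Long.parseLong(Long.java:589)
MapperParsingException[failed to parse [interface_id]]; nested: NumberFormatException[For input string: "Gi1/0/2"];
MapperParsingException[failed to parse [vlan]]; nested: NumberFormatException[For input string: "native"];
"""

# Captures the field name and the value that could not be parsed as a number.
FAILED_FIELD = re.compile(
    r'MapperParsingException\[failed to parse \[(?P<field>[^\]]+)\]\];'
    r'.*?NumberFormatException\[For input string: "(?P<value>[^"]*)"\]'
)


def offending_fields(log_text):
    """Return {field: Counter(rejected values)} for numeric-parse failures."""
    hits = {}
    for line in log_text.splitlines():
        match = FAILED_FIELD.search(line)
        if match:
            hits.setdefault(match.group("field"), Counter())[match.group("value")] += 1
    return hits


def custom_mapping(fields, index_pattern="graylog_*"):
    """Build a template body that maps each field as a non-analyzed string."""
    props = {f: {"type": "string", "index": "not_analyzed"} for f in sorted(fields)}
    return {"template": index_pattern, "mappings": {"message": {"properties": props}}}


if __name__ == "__main__":
    found = offending_fields(SAMPLE_LOG)
    for field, values in found.items():
        print(field, dict(values))
    # Template body to review before loading it into Elasticsearch.
    print(json.dumps(custom_mapping(found), indent=2))
```

An index template only affects indices created after it is loaded, so the currently active index keeps its existing mapping until it is rotated.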
