For those of you having this issue, the steps for fixing it are below; most
steps are directly from the link Jochen provided:

1. Create a new file on the ES server named graylog-custom-mapping.json.

2. Put this information in that file:

    {
      "template": "graylog_*",
      "mappings": {
        "message": {
          "properties": {
            "EventDate": {
              "type": "date",
              "format": "yyyy/MM/dd"
            }
          }
        }
      }
    }

3. Save the file and then run the following to add it to your existing
   template:

    curl -X PUT -d @'graylog-custom-mapping.json' 'http://localhost:9200/_template/graylog-custom-mapping?pretty'

4. Manually cycle the deflector on the Graylog server by going to the web
   interface System > Indices page, and it should resolve your problem.
-------------------------------------------------------------------------------------------------------------------------------------------------
On Saturday, October 8, 2016 at 4:53:46 PM UTC-4, Rick Ingersoll wrote:
>
> I am also having this issue. Does anybody know how to fix this?
>
> Thanks
>
> On Thursday, September 8, 2016 at 8:41:33 AM UTC-4,
> [email protected] wrote:
>>
>> Hi Jochen,
>>
>> I am sorry, but I am not sure what to do with the index mapping. I am
>> not really familiar with Elasticsearch or Graylog. Can you guide me
>> with this please?
>>
>> Thanks
>>
>> On Thursday, September 8, 2016 at 1:19:37 PM UTC+3, Jochen Schalanda
>> wrote:
>>>
>>> Hi Aviv,
>>>
>>> you have to create a custom index mapping and template for the schema of
>>> your data:
>>> http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#custom-index-mappings
>>>
>>> Afterwards, you have to cycle indices (System -> Indices -> Maintenance).
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Thursday, 8 September 2016 11:45:22 UTC+2, [email protected]
>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>>
>>>>
>>>> I've upgraded my Graylog to the latest version (2.1). After doing so,
>>>> my Palo Alto Content Pack & Active Directory Content Pack stopped working.
>>>>
>>>> All indexes fail with the following error (150k errors):
>>>>
>>>> MapperParsingException[failed to parse [EventDate]]; nested:
>>>> IllegalArgumentException[Invalid format: "2016/09/08" is malformed at
>>>> "/09/08"];
>>>>
>>>>
>>>>
>>>> I am not really familiar with this; can anyone tell me where the
>>>> issue is and how to fix it?
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Aviv Malka
>>>>
>>>>
>>>>
>>>
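
An added example (not part of the original thread, and not Graylog's or Elasticsearch's own code): an offline pre-flight check that reads the template posted above and reports which sample EventDate values would still fail to parse, since each failed parse is a message that never reaches the index. The Joda-to-strptime token table, the regex approximating the Elasticsearch 2.x default date format, and the sample messages are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime

# Template body as posted in the thread.
TEMPLATE = json.loads("""
{"template": "graylog_*",
 "mappings": {"message": {"properties": {
   "EventDate": {"type": "date", "format": "yyyy/MM/dd"}}}}}
""")

# Assumed subset of Joda-Time tokens mapped to strptime directives.
JODA_TO_STRPTIME = {"yyyy": "%Y", "MM": "%m", "dd": "%d",
                    "HH": "%H", "mm": "%M", "ss": "%S"}

# Approximation of the ES 2.x default (strict_date_optional_time): dashed ISO 8601.
ISO_DEFAULT = re.compile(
    r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}(:\d{2}(\.\d+)?)?(Z|[+-]\d{2}:?\d{2})?)?$")

def joda_to_strptime(pattern):
    """Translate a Joda pattern token by token; unknown tokens raise KeyError."""
    return re.sub(r"[A-Za-z]+", lambda m: JODA_TO_STRPTIME[m.group(0)], pattern)

def date_fields(template, doc_type="message"):
    """Return {field: format or None} for every date field in the template."""
    props = template["mappings"][doc_type]["properties"]
    return {name: spec.get("format") for name, spec in props.items()
            if spec.get("type") == "date"}

def would_index(value, joda_format=None):
    """True if value parses under joda_format (default mapping when None)."""
    if joda_format is None:
        return bool(ISO_DEFAULT.match(value))
    try:
        datetime.strptime(value, joda_to_strptime(joda_format))
        return True
    except ValueError:
        return False

def preflight(template, messages):
    """List (field, value) pairs the template would still reject."""
    return [(field, msg[field])
            for field, fmt in date_fields(template).items()
            for msg in messages
            if field in msg and not would_index(msg[field], fmt)]

# Constructed samples; the first value is the one quoted in the error above.
SAMPLES = [{"EventDate": "2016/09/08"}, {"EventDate": "2016-09-08"},
           {"EventDate": "09/08/2016"}]

if __name__ == "__main__":
    print("still rejected:", preflight(TEMPLATE, SAMPLES))
```

Values listed as still rejected come from sources that use a different date layout; they need their own handling before the custom mapping will stop the indexing errors for them.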