Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elasticsearch output should probably not use a type (flb_type) #1359

Closed
dperetti opened this issue May 25, 2019 · 11 comments
Closed

Elasticsearch output should probably not use a type (flb_type) #1359

dperetti opened this issue May 25, 2019 · 11 comments
Labels
enhancement fixed

Comments

@dperetti
Copy link

In Elasticsearch 7.0, document types are now deprecated.
However, fluent-bit ES output sets by default the document type to flb_type which can yield tricky issues when you're not an Elasticsearch expert.
It would be wise to set the type do "_doc" by default or not use a type at all.
@pappnase99
Copy link

Since ES 7.* is available on AWS as well, one would expect more people running into this. Any news?

@nanmu42
Copy link

nanmu42 commented Nov 13, 2019
edited
Loading

I just ran into this issue:

2019-11-12T11:02:55.01839169Z "stacktrace": ["java.lang.IllegalArgumentException: Rejecting mapping update to [logstash-2019.11.12] as the final mapping would have more than 1 type: [_doc, flb_type]",

Adding line

Type  _doc

to Fluent Bit Elasticsearch output config walks around this problem.

My Enviroment:

fluent/fluent-bit:1.2.1
Elasticsearch: 7.4.2

srkiNZ84 pushed a commit to srkiNZ84/fluent-bit that referenced this issue Nov 18, 2019
In order to be compatible with the new versions of ElasticSearch whic…
1c510ed 
…h effectively are getting rid of

_type, we should change the default type to be "_doc"

As per the ElasticSearch forum discussion at:

https://discuss.elastic.co/t/7-0-1-template-with-geo-point-geoip-processor-in-pipeline-bulk-crash/182039/3

this seems to be due to not specifying a _type when creating the mapping, at which point it defaults
to "_doc".

Later when performing a bulk operation (indexing) we specifying that _type is "flb_type" which then
causes the error to be thrown about multiple types not being allowed:

"Rejecting mapping update to [logs-2019.11.16] as the final mapping would have more than 1 type: [_doc, flb_type]"

Another possible solution to this issue might be to use the "flb_type" when creating the index (and mappings)
initially, however I'm not sure whether this type is being used for anything (we are not filtering or querying
based on it).

Issue(s): fluent#1359
@srkiNZ84 srkiNZ84 mentioned this issue Nov 18, 2019
Merged
srkiNZ84 pushed a commit to srkiNZ84/fluent-bit that referenced this issue Nov 19, 2019
Change the default _type to be _doc
c0876ec 
In order to be compatible with the new versions of ElasticSearch which effectively are getting rid of
_type, we should change the default type to be "_doc"

As per the ElasticSearch forum discussion at:

https://discuss.elastic.co/t/7-0-1-template-with-geo-point-geoip-processor-in-pipeline-bulk-crash/182039/3

this seems to be due to not specifying a _type when creating the mapping, at which point it defaults
to "_doc".

Later when performing a bulk operation (indexing) we specifying that _type is "flb_type" which then
causes the error to be thrown about multiple types not being allowed:

"Rejecting mapping update to [logs-2019.11.16] as the final mapping would have more than 1 type: [_doc, flb_type]"

Another possible solution to this issue might be to use the "flb_type" when creating the index (and mappings)
initially, however I'm not sure whether this type is being used for anything (we are not filtering or querying
based on it).

Issue(s): fluent#1359

Signed-off-by: Srdan Dukic <[email protected]>
@nikinaydenov
Copy link

It does not solve the problem. Fluent bit should stop sending _type to ES 7. The message on HTTP is clear:
HTTP/1.1 200 OK Warning: 299 Elasticsearch-7.4.2-2f90bbf7b93631e52bafb59b3b049cb44ec25e96 "[types removal] Specifying types in bulk requests is deprecated."
The same will stop to work completely (with Error, not warning) in ES8, but this is in the future.
Probably we need a separate setting for the version or special value for "Type: off" or what ever you decide, but with final effect of not sending _type at all.
Now the body of _bulk looks like:
{"index":{"_index":"indexname-2019.11.24","_type":"_doc"}}
It should looks like:
{"index":{"_index":"indexname-2019.11.24"}}

@grimmxsleeper
Copy link

grimmxsleeper commented Dec 4, 2019
edited
Loading

bump, running into this issue as well @edsiper

@yuha0
Copy link

yuha0 commented Jan 6, 2020

We'd also like to see this to be implemented.
Elasticsearch 7.0.0 was released 9 months ago and a lot of users have upgraded since then.

@hornetmadness
Copy link

hornetmadness commented Jan 8, 2020
edited
Loading

I'm on 7.2.0 and fluent-bit 1.3.5 and still getting this error

[2020/01/08 21:11:23] [debug] [out_es] HTTP Status=200 URI=/_bulk [2020/01/08 21:11:23] [error] [out_es] could not pack/validate JSON response {"took":2338,"errors":true,"items":[{"index":{"_index":"logs-2020.01.08","_type":"flb_type","_id":"dBv_hm8BnqxPixOGYeWJ","status":400,"error":{"type":"illegal_argument_exception","reason":"Rejecting mapping update to [logs-2020.01.08] as the final mapping would have more than 1 type: [_doc, flb_type]"}}},

@debu99
Copy link

debu99 commented Apr 19, 2020

we have the same issue

edsiper pushed a commit that referenced this issue May 5, 2020
@srkiNZ84
out_es: change the default _type to be _doc (#1750)
04ed3d8 
In order to be compatible with the new versions of ElasticSearch which effectively are getting rid of
_type, we should change the default type to be "_doc"

As per the ElasticSearch forum discussion at:

https://discuss.elastic.co/t/7-0-1-template-with-geo-point-geoip-processor-in-pipeline-bulk-crash/182039/3

this seems to be due to not specifying a _type when creating the mapping, at which point it defaults
to "_doc".

Later when performing a bulk operation (indexing) we specifying that _type is "flb_type" which then
causes the error to be thrown about multiple types not being allowed:

"Rejecting mapping update to [logs-2019.11.16] as the final mapping would have more than 1 type: [_doc, flb_type]"

Another possible solution to this issue might be to use the "flb_type" when creating the index (and mappings)
initially, however I'm not sure whether this type is being used for anything (we are not filtering or querying
based on it).

Issue(s): #1359

Signed-off-by: Srdan Dukic <[email protected]>

Co-authored-by: Serge Dukic <[email protected]>
@angristan
Copy link

This can be closed? 04ed3d8

@edsiper
Copy link
Member

edsiper commented Jun 15, 2020

thanks, closing it.

@edsiper edsiper closed this as completed Jun 15, 2020
@marxangels
Copy link

set

[OUTPUT]
    Name            es
    Type            _doc

then delete existing indexes to avoid more than 1 type error.

DELETE /logstash-*

This was referenced Jul 14, 2020
Closed
Closed
Closed
@mikebou
Copy link

mikebou commented Aug 10, 2020
edited
Loading

I don't believe this issue is actually solve. Elastic 7.8 will reject the POST to _bulk if the _type is part of the parameter set.

I have entered the supporting document in issue #2448

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests