Hi Fabien, Thanks for the reply. I have tried removing all ES data and to let ES re-create the index as brand new with the first request coming from syslog-ng but the error still persists. From the documentation in ES both Index auto-creation and auto-mapping is allowed by default. Do you have any other suggestions? Marco
On 26 Jan 2018, at 09:48, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
Your mapping probably differs between 'fw-*' and 'test'. Can you change your syslogng config to index to 'test' instead?
cheers
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq