Match_body is not parsing

When i ran elastalert_create_index it show me this

Elastic Version: 7.10.1
Reading Elastic 6 index mappings:
Reading index mapping 'es_mappings/6/silence.json'
Reading index mapping 'es_mappings/6/elastalert_status.json'
Reading index mapping 'es_mappings/6/elastalert.json'
Reading index mapping 'es_mappings/6/past_elastalert.json'
Reading index mapping 'es_mappings/6/elastalert_error.json'
Traceback (most recent call last):
  File "/usr/local/bin/elastalert-create-index", line 11, in <module>
    load_entry_point('elastalert==0.2.4', 'console_scripts', 'elastalert-create-index')()
  File "/usr/local/lib/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/create_index.py", line 264, in main
    create_index_mappings(es_client=es, ea_index=index, recreate=args.recreate, old_ea_index=old_index)
  File "/usr/local/lib/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/create_index.py", line 72, in create_index_mappings
    body=es_index_mappings['past_elastalert'], include_type_name=True)
  File "/usr/local/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/client/utils.py", line 84, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/client/indices.py", line 321, in put_mapping
    "PUT", _make_path(index, "_mapping", doc_type), params=params, body=body
  File "/usr/local/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/transport.py", line 318, in perform_request
    status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/connection/http_requests.py", line 91, in perform_request
    self._raise_error(response.status_code, raw_data)
  File "/usr/local/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/connection/base.py", line 131, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
elasticsearch.exceptions.TransportError: TransportError(500, 'mapper_exception', "the [enabled] parameter can't be updated for the object mapping [match_body]")


and this is my template
PUT /_template/elastalert
{
  "index_patterns": ["elastalert*"],
  "settings": {
    "index": {
      "mapping": {
        "total_fields.limit": "10000"
      }
    },
    "number_of_replicas": 0,
    "number_of_shards": 3
     }
  ,
  "mappings": {
    "properties": {
      "match_body": {
        "properties": {
          "z_logstash_pipeline": {
            "type": "keyword"
          },
          "etl_pipeline": {
            "type": "keyword"
          }
        }
      }
    }
  }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Match_body is not parsing #3093

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Match_body is not parsing #3093

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions