Need help with the error messages in Loki pods in our k8s cluster

We are using Fluentd as a replacement for Promtail with Loki for log aggregation. Everything seems to work fine for our use case, but we have a strange error message in our Loki logs about which I was unable to find anything relevant. If you can help or give any insights into how to debug this, it would be really helpful.
For more context, this is not something unique and is present across all the clusters that we have deployed for our customers.

 {
   "error" : {
     "root_cause" : [
       {
         "type" : "mapper_parsing_exception",
         "reason" : "Root mapping definition has unsupported parameters:  [audit : {properties={logType={type=keyword}, Action={type=keyword}, agent={type=keyword}, access={copy_to=[all], type=keyword}
       }
     ],
     "type" : "mapper_parsing_exception",
     "reason" : "Failed to parse mapping [_doc]: Root mapping definition has unsupported parameters:  [audit : {properties={logType={type=keyword}, Action={type=keyword}, agent={type=keyword}, access={
     "caused_by" : {
       "type" : "mapper_parsing_exception",
       "reason" : "Root mapping definition has unsupported parameters:  [audit : {properties={logType={type=keyword}, Action={type=keyword}, agent={type=keyword}, access={copy_to=[all], type=keyword},
     }
   },
   "status" : 400
 }

When I searched for this error message, it presented me with results related to Elasticsearch. I don't know why Loki would show Elasticsearch's logs, so it added to the confusion. I would be happy to provide any further information if needed to debug this.
