'ElasticSearch 8 errors with Action/metadata line [1] contains an unknown parameter [_type] status:400

I am trying to setup EFK (ElasticSearch 8, FluentD and Kibana) stack on K8S cluster (on-premises)

I followed this link to install elasticsearch and installed it using helm charts and followed this link to install fluentd

Output of fluentd and elasticsearch pods

[root@ctrl01 ~]#  kubectl get pods
NAME                                                     READY   STATUS    RESTARTS   AGE
elasticsearch-master-0                                   1/1     Running   0          136m

[root@ctrl01 ~]#  kubectl get pods -n kube-system
NAME                                                            READY   STATUS    RESTARTS   AGE
fluentd-cnb7p                                                   1/1     Running   0          107m
fluentd-dbxjk                                                   1/1     Running   0          107m

However, elasticsearch log was piled up with the following warning messages

2021-10-18 12:13:12 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2021-10-18 12:13:42 +0000 error_class="Elasticsearch::Transport::Transport::Errors::BadRequest" error="[400] {\"error\":{\"root_cause\":[{\"type\":\"illegal_argument_exception\",\"reason\":\"Action/metadata line [1] contains an unknown parameter [_type]\"}],\"type\":\"illegal_argument_exception\",\"reason\":\"Action/metadata line [1] contains an unknown parameter [_type]\"},\"status\":400}" plugin_id="out_es"
2021-10-18 12:13:12 +0000 [warn]: suppressed same stacktrace

Conf file (tailored output)

2021-10-18 12:09:10 +0000 [info]: using configuration file: <ROOT>
  <match fluent.**>
    @type null
  </match>
  <source>
    @type tail
    @id in_tail_container_logs
    path /var/log/containers/*.log
    pos_file /var/log/fluentd-containers.log.pos
    tag kubernetes.*
    read_from_head true
    format json
    time_format %Y-%m-%dT%H:%M:%S.%NZ
  </source>
  <source>
    @type tail
    @id in_tail_minion
    path /var/log/salt/minion
    pos_file /var/log/fluentd-salt.pos
    tag salt
    format /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/
    time_format %Y-%m-%d %H:%M:%S
  </source>

I am not sure which 'type' field it refers to. I am unable to find an example of ElasticSearch 8 for match and source directives to compare

It seems type field is not supported from ES 8 onwards but I am not sure on that. Kindly let me know the reason for the error

kubernetes


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

"curl: (52) Empty reply from server" / timeout when querying ElastiscSearch

Efficient way to retrieve all _ids in ElasticSearch

How to disable SSL verification for Elasticsearch RestClient v6.7.0 in Java

How to watch the logstash log?

elastic search, is it possible to update nested objects without updating the entire document?

ElasticSearch Aggregation over Top Hits

Kibana server is not ready yet

Kibana server is not ready yet

Any way(plugin) to parse kibana query syntax to elasticsearch api body?

Elastic search with Google Big Query

Can not run Elastic Search on ubuntu (Error opening log file)

Is it possible to filter records of one index from another index in elasticsearch query?

Can We Retrieve Previous _source Docs with Elastic Search Versions

Sort multi-bucket aggregation by source fields inside inner multi-bucket aggregation

How to get latest document in elastic search