I'm trying to pass data to Elastic via FluentD, which is running in a Kubernetes pod. Elastic is rejecting the data with the message
'Could not dynamically add mapping for field [app.kubernetes.io/instance]. Existing mapping for [kubernetes.labels.app] must be of type object but found [text].'
I've tried to resolve this using the rewrite_tag plugin but I couldn't get anything to work.
As the error message suggests you have an issue with the current mapping and the document you are trying to ingest.
It seems like the mapping expect somthing like:
{
"Kubernetes":{
"labels":{
"app":{...}
}
}
}
But the document you sent was in the following format:
{
"Kubernetes":{
"labels":{
"app": "some text"
}
}
}
You will need to rename/move the text field in somewhere else, maybe in kubernetes.labels.app.name
You will have to delete the index, an re create it with the right mapping.