Briefly, this error occurs when there’s an attempt to update the mapping of an index that is not accepted by the primary shard. This could be due to a conflict in the mapping structure or a network partition. To resolve this, ensure that the mapping structure is consistent across all shards. If it’s a network issue, check the cluster health and resolve any network partitions. Also, consider increasing the timeout value for mapping updates if they are large and taking longer than expected.
In addition we recommend you run the Elasticsearch Template Optimizer to fix problems in your data modeling.
It will analyze your templates to detect issues and improve search performance, reduce indexing bottlenecks and optimize storage utilization. The Template Optimizer is free and requires no installation.
Background
A mapping type used to be a separate collection inside the same index. _doc is also a mapping type. For example, before ES version 6, a forum index can have two types: user and messages. Both these types can belong to the same index, and you can search for these multiple types in a single index itself.
But since mapping types were deprecated in ES version 6, users can only use one mapping type. You can either keep the mapping type as user or messages. Later on, for ES version 7, _doc is a part of the path.
For more information on the deprecating of mapping types, refer to this explanation.
How to reproduce this log in Elasticsearch version 7.x
Create index:
PUT /my-index
{
"mappings": {
"properties": {
"title": {
"type": "text"
}
}
}
}Index data:
POST /my-index/_doctype/1?pretty
{
"title":"hello world"
}The response will be:
{
"error": {
"root_cause": [
{
"type": "invalid_type_name_exception",
"reason": "mapping type name [_doctype] can't start with '_' unless it is called [_doc]"
}
],
"type": "invalid_type_name_exception",
"reason": "mapping type name [_doctype] can't start with '_' unless it is called [_doc]"
},
"status": 400
}The log generated is:
[INFO ][o.e.a.b.TransportShardBulkAction] [my-index][0] mapping update rejected by primary org.elasticsearch.indices.InvalidTypeNameException: mapping type name [_doctype] can't start with '_' unless it is called [_doc]
What this error means
This log message is an INFO message saying that you cannot use any other mapping type. Elasticsearch indices now support only the single document type, _doc.
You can index a new JSON document or update a document with the _doc mapping type ONLY.
Quick troubleshooting steps
Considering the above example, you need to use _doc instead of _doctype, as shown below:
POST /my-index/_doc/1?pretty
{
"title":"hello world"
}Overview
Mapping is similar to database schemas that define the properties of each field in the index. These properties may contain the data type of each field and how fields are going to be tokenized and indexed. In addition, the mapping may also contain various advanced level properties for each field to define the options exposed by Lucene and Elasticsearch.
You can create a mapping of an index using the _mappings REST endpoint. The very first time Elasticsearch finds a new field whose mapping is not pre-defined inside the index, it automatically tries to guess the data type and analyzer of that field and set its default value. For example, if you index an integer field without pre-defining the mapping, Elasticsearch sets the mapping of that field as long.
Examples
Create an index with predefined mapping:
PUT /my_index?pretty
{
"settings": {
"number_of_shards": 1
},
"mappings": {
"properties": {
"name": {
"type": "text"
},
"age": {
"type": "integer"
}
}
}
}Create mapping in an existing index:
PUT /my_index/_mapping?pretty
{
"properties": {
"email": {
"type": "keyword"
}
}
}View the mapping of an existing index:
GET my_index/_mapping?pretty
View the mapping of an existing field:
GET /my_index/_mapping/field/name?pretty
Notes
- It is not possible to update the mapping of an existing field. If the mapping is set to the wrong type, re-creating the index with updated mapping and re-indexing is the only option available.
- In version 7.0, Elasticsearch has deprecated the document type and the default document type is set to _doc. In future versions of Elasticsearch, the document type will be removed completely.
How to optimize your Elasticsearch mapping to reduce costs
Watch the video below to learn how to save money on your deployment by optimizing your mapping.
Common problems
- The most common problem in Elasticsearch is incorrectly defined mapping which limits the functionality of the field. For example, if the data type of a string field is set as text, you cannot use that field for aggregations, sorting or exact match filters. Similarly, if a string field is dynamically indexed without predefined mapping, Elasticsearch automatically creates two fields internally. One as a text type for full-text search and another as keyword type, which in most cases is a waste of space.
- Elasticsearch automatically creates an _all field inside the mapping and copies values of each field of a document inside the _all field. This field is used to search text without specifying a field name. Make sure to disable the _all field in production environments to avoid wasting space. Please note that support for the _all field has been removed in version 7.0.
- In versions lower than 5.0, it was possible to create multiple document types inside an index, similar to creating multiple tables inside a database. In those versions, there were higher chances of getting data types conflicts across different document types if they contained the same field name with different data types.
- The mapping of each index is part of the cluster state and is managed by master nodes. If the mapping is too big, meaning there are thousands of fields in the index, the cluster state grows too large to be handled and creates the issue of mapping explosion, resulting in the slowness of the cluster.
Overview
In Elasticsearch, when using the Bulk API it is possible to perform many write operations in a single API call, which increases the indexing speed. Using the Bulk API is more efficient than sending multiple separate requests. This can be done for the following four actions:
- Index
- Update
- Create
- Delete
Examples
The bulk request below will index a document, delete another document, and update an existing document.
POST _bulk
{ "index" : { "_index" : "myindex", "_id" : "1" } }
{ "field1" : "value" }
{ "delete" : { "_index" : "myindex", "_id" : "2" } }
{ "update" : {"_id" : "1", "_index" : "myindex"} }
{ "doc" : {"field2" : "value5"} }Notes
- Bulk API is useful when you need to index data streams that can be queued up and indexed in batches of hundreds or thousands, such as logs.
- There is no correct number of actions or limits to perform on a single bulk call, but you will need to figure out the optimum number by experimentation, given the cluster size, number of nodes, hardware specs etc.
Log Context
Log “{} mapping update rejected by primary” classname is TransportShardBulkAction.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
MapperService.SINGLE_MAPPING_NAME;
new CompressedXContent(result.getRequiredMappingUpdate());
MapperService.MergeReason.MAPPING_UPDATE_PREFLIGHT
);
} catch (Exception e) {
logger.info(() -> new ParameterizedMessage("{} mapping update rejected by primary"; primary.shardId()); e);
assert result.getId() != null;
onComplete(exceptionToResult(e; primary; isDelete; version; result.getId()); context; updateResult);
return true;
}
