If you’ve recently upgraded to Elasticsearch 2.0 and Logstash 2.0, you may find that Logstash is no longer able to create indexes in Elasticsearch, as evidenced by the following error in the Elasticsearch logs.

[code lang=text]
MapperParsingException[Mapping definition for [geoip] has unsupported parameters:  [path : full]]
[/code]

This error was due to a bug in the elasticsearch output plugin of Logstash 2.0 which has since been fixed, but your logstash template within Elasticsearch might still contain the old mapping.

To remedy the situation, run the following command to prune the old template:

[code lang=text]
curl -XDELETE http://localhost:9200/_template/logstash?pretty
[/code]

That should do it.