Specify type 'keyword' for field 'geoip.postal_code', to avoid incorrectly autodetecting as type 'date'

[smokris]

Today my ELK started outputting a flood of warnings like this:

[2018-07-03T20:02:01,900][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-20180704", :_type=>"doc", :_routing=>nil}, #], :response=>{"index"=>{"_index"=>"logstash-20180704", "_type"=>"doc", "_id"=>"jceYYmQBMUt-AEnBjPIk", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [geoip.postal_code]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: \"H3G\""}}}}}

The geoip.postal_code field had been automatically detected as type date because the first document indexed today had an IP address in Portugal, whose postal codes are indistinguishable from the year-week date format. Subsequently, many other countries' postal codes started failing because they can't be parsed as dates (such as H3G above).

I was able to work around the problem by specifying type keyword for the geoip.postal_code field, to avoid autodetection.

[smokris]

CLA — Commit author has not signed the CLA and is not a member of Elasticsearch

(I did complete the CLA though: Transaction ID CBJCHBCAABAA59rdjHjOigXuRcQOahDPwze8-1K7N-Ps and CBJCHBCAABAA-zv4EQp1vFbGSouaTC2wwwfmdbU0eWCI.)

[yaauie]

@smokris it looks like you signed the CLA with a different e-mail address (s****@k*****) than is on either the commit or your github profile (smokris@s*****), so our CLA-checker can't verify the commit.

[smokris]

@yaauie Ah, thanks for clarifying. (I do have both email addresses associated with my GitHub account, but I made the commit using a different email address than the one on the CLA.) I just signed the CLA using my other email address, too.

[smokris]

Hmm, build failure 1290.12 doesn't seem to be related to this change.