Can't index FileBeats data through Logstash due to "source" field mapping problem with ES template #6206
Comments
I can confirm similar behavior with a slightly different error. Running a straight text logfile produces: "log" config: Syslog#syslog:
Authorization logs#auth:
Metric beats are working, but not filebeat.
It seems there is a mapping conflict here with the For the Kibana issue: Seems to be related to #6489
I'm closing this due to inactivity. If anyone is still having issues please reach out on https://discuss.elastic.co/c/beats and we'll help you.
Beats, ES, LS, and Kibana 6.1.2 in use on Ubuntu 14
Filebeat -> Logstash -> ES is failing with:
The messages look like this:
The FB config is:
Metricbeat on the same setup works, mostly, but Kibana in those dashboards complains about
The ES templates were loaded via filebeat setup --template, also tried manually doing it by having FB export and pushing via curl (after setting everything up clean):
All produce the same result - LS can't index filebeats data into ES.
Am I doing something very wrong, or is this a side effect of the push to try and have beats speak directly to ES? Exposing elasticsearch to every potential beats collector sounds about as safe as streaking through Kabul, and we use LS for a ton of other data types, so I'd like to figure out a way to keep running what appears to be (according to the docs) a supported data pipeline once we move to 6. Thanks.