Hi Team,
I have done some changes on filebeat.yml to change index name for filebeat and visualize in kibana.
but getting below error while restarting filebeat service.
[root@nagios-core filebeat]# systemctl status filebeat
● filebeat.service - filebeat
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2018-08-20 22:55:29 IST; 51min ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Main PID: 3388 (filebeat)
CGroup: /system.slice/filebeat.service
└─3388 /usr/bin/filebeat -c /etc/filebeat/filebeat.yml
Aug 20 23:37:37 nagios-core /usr/bin/filebeat[3388]: client.go:112: Failed to perform any bulk index operations: 406 Not Acceptable
Aug 20 23:38:37 nagios-core /usr/bin/filebeat[3388]: client.go:112: Failed to perform any bulk index operations: 406 Not Acceptable
i did below changes in filebeat.yml under output.elasticsearch
output:
Elasticsearch as output
elasticsearch:
# Array of hosts to connect to.
# Scheme and port can be left out and will be set to the default (http and 9200)
# In case you specify and additional path, the scheme is required: http://localhost:9200/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
hosts: ["192.168.37.147:9200"]
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "admin"
#password: "s3cr3t"
# Number of workers per Elasticsearch host.
#worker: 1
# Optional index name. The default is "filebeat" and generates
# [filebeat-]YYYY.MM.DD keys.
index: "api-access-%{+yyyy.MM.dd}"
setup.template:
name: 'api-access'
pattern: 'api-access-*'
enabled: false
Request you to help to fix this issue.
Regards,
Rituraj