Hello Team,
I am trying to configure an index template using custom fields with filebeat 8.2.0. I tried various combinations and read through various topics on the forum and the docs, but I couldn't make it work.
The error I am getting is Connection marked as failed because the onConnect callback failed: error loading template: error creating template instance: key not found
. One weird thing is I am getting this even with fields available by default, for example, azure.partition_id
and azure.consumer.group
.
Below is the configuration I am trying to use:
filebeat.inputs:
- type: filestream
id: agent-logs
paths:
- /var/lib/docker/overlay2/*/diff/app/logs-*
processors:
- include_fields:
fields: ["azure.consumer_group","azure.partition_id"]
parsers:
- multiline:
type: pattern
pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
negate: false
match: after
fields:
type: "MKS-tasklist-report"
azure.partition_id: tasklist-report
azure.consumer_group: MKS
- type: filestream
id: agent-MKS-cpu-logs
paths:
- /var/lib/docker/overlay2/*/diff/app/logs-cpu-*
processors:
- include_fields:
fields: ["azure.consumer_group","azure.partition_id"]
parsers:
- multiline:
type: pattern
pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
negate: false
match: after
fields:
type: "MKS-tasklist-cpu"
azure.partition_id: tasklist-cpu
azure.consumer_group: MKS
processors:
- include_fields:
fields: ["azure.consumer_group","azure.partition_id"]
output.elasticsearch:
protocol: http
hosts: ["http://172.20.118.191:9200"]
ssl.enabled: "false"
ssl.verification_mode: "none"
index: agent-log-template
filebeat.config.inputs:
enabled: true
path: etc/*.yml
reload.enabled: true
reload.period: 30s
setup:
template:
enabled: true
name: agent-log-template
pattern: "agent-%{[fields.type]}" # Both these patterns has same issue
# pattern: "agent-%{[azure.partition_id]}-%{[azure.consumer_group]}"
ilm.enabled: false
dashboards.index: true
append_fields:
- name: azure.consumer_group
type: keyword
- name: azure.partition_id
type: keyword
Thank you.