I'm facing similar problem and looking for help. Steps to reproduce:
- Environment: new created GCP compute engine, Debian 9, only Docker installed
- Version: Filebeat, Elasticsearch, Kibana, all 6.2.4, Docker image
$ docker network create ebk
$ sudo sysctl -w vm.max_map_count=262144
$ docker run -d --network=ebk --name es1 -p 9200:9200 -p 9300:9300 -e ELASTIC_PASSWORD=<password> -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v path/to/data:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:6.2.4
$ docker run -d --network=ebk --name kibana -p 5601:5601 -v path/to/kibana.yml:/usr/share/kibana/config/kibana.yml docker.elastic.co/kibana/kibana:6.2.4
$ touch filebeat.yml
Content of filebeat.yml:
filebeat.prospectors:
- type: log
enabled: true
paths: /var/log/*.log
output.elasticsearch:
hosts: ["es1:9200"]
username: elastic
password: <password>
setup.dashboards:
enabled: true
setup.kibana:
host: "kibana:5601"
Everything goes well so far. Then I start filebeat:
$ docker run -d --network=ebk --name fbeat -v path/to/filebeat.yml:/usr/share/filebeat/filebeat.yml -v path/to/log:/var/log --hostname <hostname> docker.elastic.co/beats/filebeat:6.2.4
Each time I start fbeat container, elasticsearch generates 2X lines of same log:
[2018-04-30T08:52:40,438][WARN ][o.e.d.a.a.i.t.p.PutIndexTemplateRequest] Deprecated field [template] used, replaced by [index_patterns]