Hi Team,
I am getting an error while configuring Filebeat:
{"error":{"root_cause":[{"type":"remote_transport_exception","reason":"[servername][ESIP:9300][indices:admin/template/put]"}],"type":"illegal_argument_exception","reason":"the number of source shards [9] must be a must be a factor of [30]"},"status":400}
I've created an ELK cluster on Ubuntu. I am currently trying to configure Filebeat to send data to Logstash. Below is what I have done so far:
- Installed latest Filebeat on app system (SUSE)
- Installed the syslog module (not using currently)
- Configured the Filebeat yml:
#==================== Elasticsearch template setting ==========================
setup.template.settings:
  index.number_of_shards: 9
  _source.enabled: false
  index.number_of_replicas: 2
  #index.codec: best_compression
  #_source.enabled: false
#================================ General =====================================
#----------------------------- Logstash output --------------------------------
output.logstash:
  ## The Logstash hosts
  hosts: ["LOGSTASH_IP:5044"]
- I have disabled the Elasticsearch and Kibana parts.
- I did the below steps as per the guide:
filebeat export template > filebeat.template.json
curl -XPUT -H 'Content-Type: application/json' http://ES_IP:9200/_template/filebeat-6.1.2 -d@filebeat.template.json
The curl command is giving me the error I mentioned before.
Can you please help?