Error parsing postgresql

pollux · May 25, 2018, 12:31pm

I setup filebeat on a ubuntu 18.04 server. filebeat from elastic repo, version 6.2.4

here is the /etc/filebeat/filebeat.ymlfile:

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
output:
  elasticsearch:
    hosts: ['es1.fibrea.net:9200', 'es2.fibrea.net:9200', 'es3.fibrea.net:9200']


logging:
  files:
    rotateeverybytes: 10485760 # = 10MB

and in /etc/filebeat/modules.d/postgresql.yml

- module: postgresql
  log:
    enabled: true
    var.paths: ["/var/log/postgresql/postgresql*.log*"]

Here's the log rec that filebeat gave me at start:

2018-05-25T13:53:43.621+0200	WARN	elasticsearch/client.go:502	Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbeba1c31642e6681, ext:769053823, loc:(*time.Location)(0x200d120)}, Meta:common.MapStr{"pipeline":"filebeat-6.2.4-postgresql-log-pipeline"}, Fields:common.MapStr{"prospector":common.MapStr{"type":"log"}, "beat":common.MapStr{"name":"vm-postgresql-2", "hostname":"vm-postgresql-2", "version":"6.2.4"}, "offset":324862, "message":"2018-05-25 13:53:41.476 CEST [1282] LOG:  écoute sur la socket Unix « /var/run/postgresql/.s.PGSQL.5432 »", "source":"/var/log/postgresql/postgresql-10-main.log", "fileset":common.MapStr{"module":"postgresql", "name":"log"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc42049a680), Source:"/var/log/postgresql/postgresql-10-main.log", Offset:324862, Timestamp:time.Time{wall:0xbeba1c3163f0d62c, ext:765019583, loc:(*time.Location)(0x200d120)}, TTL:-1, Type:"log", FileStateOS:file.StateOS{Inode:0x243a7, Device:0xca01}}}, Flags:0x1} (status=400): {"type":"mapper_parsing_exception","reason":"Failed to parse mapping [doc]: Mapping definition for [error] has unsupported parameters:  [properties : {code={type=long}, message={norms=false, type=text}, type={ignore_above=1024, type=keyword}}]","caused_by":{"type":"mapper_parsing_exception","reason":"Mapping definition for [error] has unsupported parameters:  [properties : {code={type=long}, message={norms=false, type=text}, type={ignore_above=1024, type=keyword}}]"}}

My postgresql.conf file i have this prefix for log:

log_line_prefix=%m [%p] %q%u@%d

Is that a problem with my es cluster ? I have version es 6.2.3.

ruflin · May 28, 2018, 8:51am

Did you upgrade from an older version of Elasticsearch? Did you load the Elasticsearch index template?

It seems there is a conflict in the error field being a long and an object.

pollux · May 29, 2018, 11:26am

You where right !!! I have deleted the existing template and it work now, thanks Ruflin !

system · June 26, 2018, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [error] Beats filebeat	5	2268	February 6, 2018
Postgres logs not properly parsed by filebeat Beats filebeat	11	3811	July 29, 2018
PostgreSQL grok problem Beats filebeat	12	1463	July 2, 2021
Filebeat Parsing error Beats filebeat	2	524	October 31, 2019
Filebeat doesn't parse postgresql csvlog files Beats filebeat	1	540	March 6, 2019

Error parsing postgresql

Related topics