Error parsing postgresql

pollux · May 25, 2018, 12:31pm

I setup filebeat on a ubuntu 18.04 server. filebeat from elastic repo, version 6.2.4

here is the /etc/filebeat/filebeat.ymlfile:

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
output:
  elasticsearch:
    hosts: ['es1.fibrea.net:9200', 'es2.fibrea.net:9200', 'es3.fibrea.net:9200']


logging:
  files:
    rotateeverybytes: 10485760 # = 10MB

and in /etc/filebeat/modules.d/postgresql.yml

- module: postgresql
  log:
    enabled: true
    var.paths: ["/var/log/postgresql/postgresql*.log*"]

Here's the log rec that filebeat gave me at start:

2018-05-25T13:53:43.621+0200	WARN	elasticsearch/client.go:502	Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbeba1c31642e6681, ext:769053823, loc:(*time.Location)(0x200d120)}, Meta:common.MapStr{"pipeline":"filebeat-6.2.4-postgresql-log-pipeline"}, Fields:common.MapStr{"prospector":common.MapStr{"type":"log"}, "beat":common.MapStr{"name":"vm-postgresql-2", "hostname":"vm-postgresql-2", "version":"6.2.4"}, "offset":324862, "message":"2018-05-25 13:53:41.476 CEST [1282] LOG:  écoute sur la socket Unix « /var/run/postgresql/.s.PGSQL.5432 »", "source":"/var/log/postgresql/postgresql-10-main.log", "fileset":common.MapStr{"module":"postgresql", "name":"log"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc42049a680), Source:"/var/log/postgresql/postgresql-10-main.log", Offset:324862, Timestamp:time.Time{wall:0xbeba1c3163f0d62c, ext:765019583, loc:(*time.Location)(0x200d120)}, TTL:-1, Type:"log", FileStateOS:file.StateOS{Inode:0x243a7, Device:0xca01}}}, Flags:0x1} (status=400): {"type":"mapper_parsing_exception","reason":"Failed to parse mapping [doc]: Mapping definition for [error] has unsupported parameters:  [properties : {code={type=long}, message={norms=false, type=text}, type={ignore_above=1024, type=keyword}}]","caused_by":{"type":"mapper_parsing_exception","reason":"Mapping definition for [error] has unsupported parameters:  [properties : {code={type=long}, message={norms=false, type=text}, type={ignore_above=1024, type=keyword}}]"}}

My postgresql.conf file i have this prefix for log:

log_line_prefix=%m [%p] %q%u@%d

Is that a problem with my es cluster ? I have version es 6.2.3.

ruflin · May 28, 2018, 8:51am

Did you upgrade from an older version of Elasticsearch? Did you load the Elasticsearch index template?

It seems there is a conflict in the error field being a long and an object.

pollux · May 29, 2018, 11:26am

You where right !!! I have deleted the existing template and it work now, thanks Ruflin !

system · June 26, 2018, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.