Hello,
I'm new to Elastic. I'm working with logs, and I want to derive new fields from them based on aggregation.
But I got this error:
[ERROR][logstash.outputs.elasticsearch][main] Failed to install template {:message=>"Got response code '400' contacting Elasticsearch at URL 'http://elasticsearch:9200/_template/vlogstash'", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError
This is an example of my logs:
{"log_level":"INFO","timestamp":"2021-12-22T14:54:52.159546Z","event_type":"step1","c_id":"12","c_pid":"123","mit":"123","no_id":"1234","id":"1e32834e-6337-11ec-b9ad-0242ac110004","module":"abc"}
{"log_level":"INFO","timestamp":"2021-12-22T14:54:55.159546Z","event_type":"step2","c_id":"12","c_pid":"123","mit":"123","no_id":"1534","id":"1e32834e-6337-11ec-b9ad-0242ac110004","module":"abc"}
{"log_level":"INFO","timestamp":"2021-12-22T14:54:56.159546Z","event_type":"step3","c_id":"12","c_pid":"123","mit":"123","no_id":"1234","id":"1e32834e-6337-11ec-b9ad-0242ac110004","module":"abc"}
And this is the template I'm using:
{
"template": "vlogstash",
"index_patterns": [
"vlogstash-*"
],
"settings": {
"number_of_shards": 1
},
"mappings": {
"properties": {
"log_level": {
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"event_type": {
"type": "keyword"
},
"capture_res_id": {
"type": "Keyword"
},
"capture_pid": {
"type": "Keyword"
},
"mti": {
"type": "Keyword"
},
"node_id": {
"type": "Keyword"
},
"msg_uuid": {
"type": "Keyword"
},
"module": {
"type": "keyword"
},
"step1Time": {
"type": "double"
},
"step2Time": {
"type": "double"
},
"step3Time": {
"type": "double"
},
"step4Time": {
"type": "double"
},
"delta13": {
"type": "double"
},
"over_all": {
"type": "double"
},
"internal": {
"type": "double"
}
}
}
}