JVM version:
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
OS version:
Red Hat Enterprise Linux Server release 6.8 (Santiago) x86_64
Description of the problem including expected versus actual behavior:
Metricbeat sends system.filesystem.files field with value of 18446744073709551615, which is (2^64 - 1).
Steps to reproduce:
Enable metricset filesystem in metricbeat.modules -> module: system,
Start metricbeat.
Observe the warning in the log.
Provide logs (if relevant): 2016-11-22T05:35:17-05:00 WARN Can not index event (status=400): {"type":"mapper_parsing_exception","reason":"failed to parse [system.filesystem.files]","caused_by":{"type":"json_parse_exception","reason":"Numeric value (18446744073709551615) out of range of long (-9223372036854775808 - 9223372036854775807)\n at [Source: org.elasticsearch.common.bytes.BytesReference$MarkSupportingStreamInputWrapper@39fece1e; line: 1, column: 234]"}}
It looks like the filesystem is reporting -1 for the total number of nodes. The field is defined as being unsigned so a -1 is interpreted incorrectly by things that read that value. (I have seen this before with cephfs.)
What does stat -f <mount_point> show for that filesystem?
You could also setup a filter with a condition like when system.filesystem.files == 18446744073709551615, drop_event. Or your could just drop the system.filesystem.files field.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.