Hi,
I am using Elasticsearch, Kibana and Metricbeat 6.1.1. I would like to use a different index name, for Metricbeat, than the default one. But I have problems as shortly follow:
- When I start Metricbeat, with default preferences (index name, pattern etc.), I am able to record the data in Elasticsearch and inspect in Kibana without a problem. (the
metricbeatindex gets created correctly in Elasticsearch) - Then, in the metricbeat.yml file, I simply changed the Elasticsearch
output.elasticsearch.indexto something custom, along with the indicatedsetup.template.nameandsetup.template.patternaccordingly:
output.elasticsearch.index: "my-index-name-%{[beat.version]}-%{+yyyy.MM.dd}"
setup.template.name: "my-index-name"
setup.template.pattern: "my-index-name-*"
- In this case, when Metricbeat starts up, I get the following exception:
failed to execute bulk item (index) BulkShardRequest [[my-index-name][0]] containing [index....] ...
... org.elasticsearch.index.mapper.MapperParsingException: failed to parse [@timestamp] ...
... Caused by: java.lang.IllegalArgumentException: Invalid format: "2018-04-02T07:24:39.162Z"...
- If I comment-out the custom
output.elasticsearch.indexsetting, then all is fine again and the defaultmetricbeatindex is created without problem.
I do not understand why, without modifying any field mappings or other settings, it does not work for
my custom metricbeat index, yet works if I comment the setting out.
I have searched the reference(s) and forum posts for a possible answer. But I fail to understand what I am missing (or doing wrong).
I apologize in advance if the question already has an answer which I failed to find.
Thank you in advance!
Andrei