Failed to publish events: temporary bulk send failure

Verdugo_Gonzalo · March 14, 2023, 2:49pm

Hello everyone.
I am trying to modify some parameters of the logs that come from fleet with the "custom logs" integration.

I have created the following pipeline:
LOG LINE:
2023-02-28 09:04:01,937 ERROR [org.jboss.remoting.transport.http.HTTPClientInvoker] (http-172.17.119.148-8180-14) Error creating SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url.
custom-logs-pipelines

[
  {
    "dissect": {
      "field": "message",
      "pattern": "%{date} %{hour} %{log.level} %{origen} %{url} %{message}"
    }
  }
]

TEST PIPELINE OK:

{
  "docs": [
    {
      "doc": {
        "_index": "_index",
        "_id": "_id",
        "_version": "-3",
        "_source": {
          "date": "2023-02-28",
          "origen": "[org.jboss.remoting.transport.http.HTTPClientInvoker]",
          "message": "Error creating SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url.",
          "hour": "09:04:01,937",
          "log": {
            "level": "ERROR"
          },
          "url": "(http-172.17.119.148-8180-14)"
        },
        "_ingest": {
          "timestamp": "2023-03-14T14:30:47.06430719Z"
        }
      }
    }
  ]
}

integration configuration:

I also have created a component template

custom-logs@mapping
{
  "properties": {
    "date": {
      "eager_global_ordinals": false,
      "norms": false,
      "index": true,
      "store": false,
      "type": "keyword",
      "split_queries_on_whitespace": false,
      "index_options": "docs",
      "doc_values": true
    },
    "hour": {
      "eager_global_ordinals": false,
      "norms": false,
      "index": true,
      "store": false,
      "type": "keyword",
      "index_options": "docs",
      "split_queries_on_whitespace": false,
      "doc_values": true
    },
    "log": {
      "type": "object",
      "properties": {
        "level": {
          "type": "keyword"
        }
      }
    },
    "origen": {
      "type": "keyword"
    },
    "message": {
      "type": "text"
    },
    "url": {
      "type": "keyword"
    }
  }
}

and finally my index template

This is the message I get after all the configuration

11:47:15.059
elastic_agent.filebeat
[elastic_agent.filebeat][error] failed to publish events: temporary bulk send failure
11:47:16.883
elastic_agent.filebeat
[elastic_agent.filebeat][error] failed to publish events: temporary bulk send failure
11:47:18.433
elastic_agent.filebeat
[elastic_agent.filebeat][error] failed to publish events: temporary bulk send failure
11:47:19.858
elastic_agent.filebeat
[elastic_agent.filebeat][error] failed to publish events: temporary bulk send failure
11:47:21.299
elastic_agent.filebeat
[elastic_agent.filebeat][error] failed to publish events: temporary bulk send failure

I really don't know what I'm failing, any help would be very useful at this time.

Verdugo_Gonzalo · March 21, 2023, 7:45pm

I solved it on my own

system · April 18, 2023, 9:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[ES 8.6.1 & 8.6.2] Fleet's "Custom Logs" integration stops sending logs with "failed to publish events: temporary bulk send failure" message Elastic Agent	1	324	April 5, 2023
Ingest pipeline test: Error publishing events (retrying): temporary bulk send failure Beats filebeat	2	777	July 17, 2018
Error: failed to publish events: temporary bulk send failure Beats filebeat	5	660	April 13, 2022
Pipeline/output.go:180 failed to publish events: temporary bulk send failure Beats filebeat , ingest-pipeline	7	3151	May 3, 2022
Failed to publish events: temporary bulk send failure Beats filebeat	6	5119	October 11, 2021

Failed to publish events: temporary bulk send failure

Related topics