Hello,
I'm new to Elasticsearch, and today I tried to send some Elasticsearch server logs to my Elastic Stack with Filebeat, using Filebeat modules.
Unfortunately, it didn't work...
I don't know how to fix this or what is going wrong.
I followed the tutorial step by step.
It would be great if somebody could help me.
Here's one of the errors I found in the Elasticsearch logs:
[2019-02-18T08:32:56,130][DEBUG][o.e.a.b.TransportShardBulkAction] [nodeOne] [filebeat-6.5.4-2019.02.18][0] failed to execute bulk item (index) index {[filebeat-6.5.4-2019.02.18][doc][TvSF_2gBl-K6nb03pieQ], source[n/a, actual length: [3.9kb], max length: 2kb]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse field [@timestamp] of type [date]
at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:301) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:482) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentParser.parseValue(DocumentParser.java:606) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:404) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:381) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentParser.internalParseDocument(DocumentParser.java:96) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:69) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:280) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:748) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.shard.IndexShard.applyIndexOperation(IndexShard.java:725) ~[elasticsearch-6.5.4.jar:6.5.4]
at org.elasticsearch.index.shard.IndexShard.applyIndexOperationOnPrimary(IndexShard.java:705) ~[elasticsearch-6.5.4.jar:6.5.4]
That's my filebeat config:
filebeat.yml:
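#=========================== Filebeat inputs =============================
# Nesting restored: in the pasted form every key sat at column 0, which makes
# `enabled` and `paths` top-level keys instead of settings of the log input.
filebeat.inputs:
  - type: log
    # This generic input is switched off; only the module filesets loaded
    # through filebeat.config.modules below are harvested.
    enabled: false
    paths:
      - /var/log/*.log
#============================= Filebeat modules ===============================
filebeat.config.modules:
  # Every *.yml file in modules.d is loaded as module configuration.
  path: ${path.config}/modules.d/*.yml
  # Module files are read once at startup; edits need a Filebeat restart.
  reload.enabled: false
#============================== Kibana =====================================
# Only a host is given, so no scheme or credentials are configured for the
# Kibana endpoint. Reasonable for a loopback test instance only.
setup.kibana:
  host: "localhost:5601"
#-------------------------- Elasticsearch output ------------------------------
# No protocol or credentials are set, so events are sent to the local node
# over plain, unauthenticated HTTP (Filebeat's default protocol). That is only
# appropriate while Elasticsearch listens on loopback. If the node has
# security enabled or is reached over a network, set protocol: "https",
# ssl.certificate_authorities, and username/password, with the password
# referenced from the Filebeat keystore rather than written into this file.
output.elasticsearch:
  hosts: ["localhost:9200"]
processors:
  - add_host_metadata: ~
  # Looks up the cloud provider's instance metadata when Filebeat starts.
  # NOTE(review): likely unnecessary on a non-cloud test host; confirm.
  - add_cloud_metadata: ~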
modules.d config:
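# Nesting restored: in the pasted form every fileset and its `enabled` key sat
# at column 0, which yields duplicate top-level `enabled` keys instead of one
# setting per fileset.
- module: elasticsearch
  # Server log
  server:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    # NOTE(review): this glob only matches names that continue after
    # "elasticsearch.log." (for example rotated files). A file named exactly
    # "elasticsearch.log" is not matched; confirm that is intended.
    # NOTE(review): the MapperParsingException on @timestamp is raised by
    # Elasticsearch at index time. Check that the module's ingest pipeline is
    # loaded and that the matched files are in the format it expects; this
    # cannot be verified from the config alone.
    var.paths:
      - C:/ELK/Test/data/elasticsearch.log.*
  gc:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
  # The audit fileset is off, so Elasticsearch security audit events are not
  # shipped. NOTE(review): enable it if audit logging is turned on for the
  # cluster and those events should be searchable centrally.
  audit:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
  slowlog:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
  deprecation:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: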