Filbeat export template

shauryagarg2006 · November 6, 2018, 4:11pm

I am using the version 6.4.2 of filebeat and elasticsearch. I am trying to upload the template into elasticsearch using the setup command. It works fine but when I saw the generated template (also through the filebeat export command) the fields under key: log are missing. The only generated mapping is:

        "log": {
          "properties": {
            "level": {
              "ignore_above": 1024,
              "type": "keyword"
            }
          }
        },

It is missing the other properties like message e.t.c.

And because of this when I am sending docker logs the log.message field is getting indexed as a keyword type where as it should be text.

kvch · November 7, 2018, 7:20pm

Are you using a module? Do you have any special fields? Could you please share your configuration formatted using </>?

shauryagarg2006 · November 7, 2018, 9:50pm

I have not changed the configuration. It is what is supplied when you install the filebeat.
I just installed using sudo apt-get install metricbeat=6.4.2 after which I ran the sudo filebeat export template
The generated output has many fields under keys like logstash, mongodb etc but under logs its the same as what I posted.

kvch · November 8, 2018, 2:49pm

Filebeat does not provide a field named log.message. Where does that field come from?

system · December 6, 2018, 2:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat does not create index template Beats filebeat	11	3239	August 31, 2020
Logstash output / dashboard field errors Beats filebeat	1	328	June 13, 2018
Filebeat strict to elasticsearch send only default fields Beats filebeat	5	1368	March 20, 2018
Filebeat.yml logging issue Beats filebeat	3	632	January 28, 2020
Filebeat shipping incomplete logs Beats filebeat	3	692	August 20, 2019

Filbeat export template

Related topics