Filbeat export template

shauryagarg2006 · November 6, 2018, 4:11pm

I am using the version 6.4.2 of filebeat and elasticsearch. I am trying to upload the template into elasticsearch using the setup command. It works fine but when I saw the generated template (also through the filebeat export command) the fields under key: log are missing. The only generated mapping is:

        "log": {
          "properties": {
            "level": {
              "ignore_above": 1024,
              "type": "keyword"
            }
          }
        },

It is missing the other properties like message e.t.c.

And because of this when I am sending docker logs the log.message field is getting indexed as a keyword type where as it should be text.

kvch · November 7, 2018, 7:20pm

Are you using a module? Do you have any special fields? Could you please share your configuration formatted using </>?

shauryagarg2006 · November 7, 2018, 9:50pm

I have not changed the configuration. It is what is supplied when you install the filebeat.
I just installed using sudo apt-get install metricbeat=6.4.2 after which I ran the sudo filebeat export template
The generated output has many fields under keys like logstash, mongodb etc but under logs its the same as what I posted.

kvch · November 8, 2018, 2:49pm

Filebeat does not provide a field named log.message. Where does that field come from?

Topic		Replies	Views
Custom fields.yml Beats filebeat	3	1765	May 28, 2019
Send custom logs to elasticsearch with predefined list of fields Beats filebeat	3	253	September 5, 2023
SOLVED - Index Template for filebeat - fails on fields Beats filebeat	5	3299	May 14, 2019
Filebeat Field Mapping For JSON Logs Beats filebeat	3	4067	August 29, 2018
From filebeat.template.json to fields.yml Beats filebeat	5	2060	June 5, 2018

Filbeat export template

Related topics