Filebeat and ingest node error

Marcello_A · May 9, 2017, 2:08pm

Hi All,
I installed the latest filebeat 5.4.0 on a CentOS 7 server and i tried to parse the auditd file with the specific module and i redirect the output to an elasticsearch 5.4.0 instance. I noticed an error fro filebeat related to the bulk operation and on elasticsearch i recived this exception:

 [2017-05-09T16:07:26,508][WARN ][r.suppressed             ] path: /_bulk, params: {}
java.lang.IllegalStateException: There are no ingest nodes in this cluster, unable to forward request to an ingest node.

Could you confirm if an ingest node it's required for this module?

Thanks,
Marcello

steffens · May 9, 2017, 2:13pm

All parsing in filebeat modules is done via ingest node.

Marcello_A · May 10, 2017, 7:33am

Thanks for the node it's working now.

Marcello

system · June 7, 2017, 7:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.