I get a flood of errors since updating the cluster and filebeat to version 7. My setup consists of a 2 node elasticsearch cluster and a bunch of servers running filebeat with modules (system, auditd and nginx) shipping logs directly to the es cluster. I get these Cannot write to a field alias [hos…

My config: ########################### Filebeat Configuration ############################ #========================== Modules configuration ============================ filebeat.modules: #------------------------------- System Module ------------------------------- - module: system …

Which filebeat versions did you upgrade from? Do you have some more complete logs in the Elasticsearch log files?

From 6.7 or 6.6.1 Here you can have a look at the startup log of filebeat: https://pastebin.com/raw/U2YuPLjw The error messages are so plenty that it fills up disks really fast

Which templates are installed? This looks like a mapping error.

with "filebeat export template" i get this: https://pastebin.com/raw/MM5w16hD Or what do you mean?

I mean the templates already registered with Elasticsearch. curl http://<host>:9200/_template/filebeat* Have you had a Filebeat 5.x installation in the past? In this case you might have a template that overlaps with the Filebeat 6.x/7.x templates.

No filebeat 5.x installed previously, i think 6.4 was current when I setup stuff up for the first time. Anyway heres the output: https://pastebin.com/raw/SU6xBUdj And here the output curling just for filebeat-7*: https://pastebin.com/raw/4QVKrHXZ Thanks for the support so far :smile:

I found this likely very old template in your output: "filebeat": { "order": 1, "index_patterns": [ "filebeat-*" ], "settings": { "index": { "mapping": { "total_fields": { "limit": "10000" } }, "refresh_interval":…

Thanks, deleting that and running filebeat setup again seems to have fixed the issue. I would have never found this, thanks a bunch!

Discuss the Elastic Stack

Filebeat errors after update to version 7

Elastic Stack Beats

Topic		Replies	Views
Upgrade Error: Cannot write to a field alias [host.hostname] Beats filebeat	1	918	November 9, 2021
Filebeat versions from 7.0 - 7.8 fail to create alias field mappings for majority of modules Beats filebeat	5	1292	August 26, 2020
Filebeat on centos8? Beats filebeat	7	2136	April 17, 2020
Exceptions in filebeat logs Beats filebeat	1	769	February 7, 2020
Filebeat dont work properly Beats filebeat	17	1825	June 15, 2020

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Filebeat errors after update to version 7

Related topics