FileBeat Setup Error : error loading index pattern: returned 413 to import file: <nil>. Response: {"statusCode":413,"error":"Request Entity Too Large","message":"Payload content length greater than maximum allowed: 1048576"

We are working to capture logs from server to elasticsearch by filebeat. We are getting below issue, while setup the filebeat.

Response: {"statusCode":413,"error":"Request Entity Too Large","message":"Payload content length greater than maximum allowed: 1048576"}

We have added http.max_content_length: 1200mb in elasticsearch.yml and server.maxPayloadBytes: 26214400 in kibana.yml. Still this issue is there.

How to resolve this issue?

Here is the YML files we are using for FileBeat, ElasticSearch & Kibana

FileBeat.yml

filebeat.inputs:

  • type: logenabled: true paths:
    • c:\logs\XXX*
  • type: filestreamenabled: falsepaths:
    • /var/log/*.log

filebeat.config.modules: path: ${path.config}/modules.d/*.yml

reload.enabled: false

setup.template.settings: index.number_of_shards: 1

setup.kibana:

host: "0.0.0.0:0000"
username: "XXXX"
password: "XXXX"

output.elasticsearch: hosts: ["0.0.0.0:0000"]

username: "XXXX" password: "XXXX"

processors:

  • add_host_metadata: when.not.contains.tags: forwarded
  • add_cloud_metadata: ~
  • add_docker_metadata: ~
  • add_kubernetes_metadata: ~

ElasticSearch.yml

  • module: elasticsearch server: enabled: truegc: enabled: trueaudit: enabled: trueslowlog: enabled: truedeprecation: enabled: trueaccess: var.paths: ["/var/logs/XXX/XXX.log"]http.max_content_length: 1200mb

Kibana.yml

  • module: kibanalog: enabled: trueaudit: enabled: trueserver.maxPayloadBytes: 26214400

Welcome to our community! :smiley:
Please format your code/logs/config using the </> button, or markdown style back ticks. It helps to make things easy to read which helps us help you.

That's a little excessive and likely to cause potential OOM issues.

Can you post the actual command you are running and the raw response?