I have an endpoint host OS running Winlogbeat and a VMworkstation hosting my ELK stack. I am testing and getting the dashboards is the last step I have. Need help with the script import.
PS C:\Program Files\winlogbeat> curl http://192.168.124.128:9200/?pretty
{
"name" : "Oneg the Prober",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "2.3.5",
"build_hash" : "90f439ff60a3c0f497f91663701e64ccd01edbb4",
"build_timestamp" : "2016-07-27T10:36:52Z",
"build_snapshot" : false,
"lucene_version" : "5.5.0"
},
"tagline" : "You Know, for Search"
}
PS C:\Program Files\winlogbeat>
PS C:\Program Files\winlogbeat>
PS C:\Program Files\winlogbeat> scripts\import_dashboards.exe -es http://192.168.124.128:9200
fail to set the mapping. Error: 400 Bad Request
Create temporary directory C:\Users\jbanacj\AppData\Local\Temp\tmp660014183
Downloading https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-5.2.1.zip
fail to download file: https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-5.2.1.zip
PS C:\Program Files\winlogbeat>
Debug File:
[2017-02-16 20:56:12,545][DEBUG][action.admin.indices.create] [Oneg the Prober] [winlogbeat-2017.02.16] failed to create
MapperParsingException[Failed to parse mapping [default]: No handler for type [keyword] declared on field [related_activity_id]]; nested: MapperParsingException[No handler for type [keyword] declared on field [related_activity_id]];
at org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:320)
at org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:45)
at org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:468)
at org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:772)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)
at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: MapperParsingException[No handler for type [keyword] declared on field [related_activity_id]]
at org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseProperties(ObjectMapper.java:303)
at org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseObjectOrDocumentTypeProperties(ObjectMapper.java:218)
at org.elasticsearch.index.mapper.object.RootObjectMapper$TypeParser.parse(RootObjectMapper.java:139)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:118)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:99)
at org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:85)
at org.elasticsearch.index.mapper.MapperService.merge(MapperService.java:269)
at org.elasticsearch.cluster.metadata.MetaDataCreateIndexService$1.execute(MetaDataCreateIndexService.java:317)
... 8 more