Hi Team,
Kindly help us to resolve below error which we are receiving for our custom index created from filebeat cisco asa module.
illegal_argument_exception: index.lifecycle.rollover_alias [ciscobeat-7.6.2] does not point to index [cisco-beat-2020.08.21]
Regards,
Jijo John
Please make sure you bootstrapped the initial index - https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle-management.html#ilm-gs-alias-bootstrap
Hi Mark,
After doing the bootstrap index , its creating a new index with rollover name 000001 but as soon as i start the filebeat service its creating a new index. Please see the screenshot below
What does your Filebeat config look like? Have you configured it to write to the write alias?
Hi Christian,
Below is the filebeat config
index: "cisco-beat-%{+yyyy.MM.dd}"
setup.ilm.enabled: false
setup.template.name: "cisco"
setup.template.pattern: "cisco-*"
and below is the put command used to create an initial bootstrap index
PUT cisco-beat-2020.09.05-000001
{
"aliases": {
"cisco": {
"is_write_index": true
}
}
}
basically i am trying to create a custom index name for cisco asa module so that i can store firewall logs in a separate index and configure separate ilm for that
It is writing to an index with the specified name, which is expected since you have disabled ILM and are not writing to the write alias.
Thank you Christian and Mark , I configured the filebeat with below option and its working fine now .
setup.ilm.enabled: auto
setup.template.name: "cisco-dc"
setup.template.pattern: "cisco-dc-*"
setup.ilm.rollover_alias: "cisco-dc"
setup.ilm.pattern: "{now/d}-000001"
Ran the Command
filebeat setup --ilm-policy
write alias pointed me to the right doc
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.