Issues analysing elastic traffic

I'm trying to analyze the queries that came to my ES cluster. I managed to install Packetbeat to analyze the HTTP traffic that comes to port 9200, and I'm getting the requests (and responses), but I'm also getting a lot of errors. This is one of the most recurrent:

POST /_bulk: first path segment in URL cannot contain colon

The log is quite huge. I'm thinking maybe I should send the logs to Logstash and remove the colon, but I don't know which one is the offending field.

Thanks in advance


Which version of Packetbeat are you using?

Does that error appear in Packetbeat log? Can you paste the full log, including timestamps, so I can see where this error is coming from?

Hi, I'm using 6.8.0. I think that the error occurred when I enabled this:

> include_body_for: ["text/html", "application/json"]

Can you paste a log snippet so I can see where this error is coming from?

Can you confirm by testing with and without this setting?

Is it possible for you to capture a .pcap file that reproduces this issue? (Run Packetbeat with the --dump file.pcap parameter.)
