ES version 7.16.2, winlogbeat 7.16.1
Trying to get winlogbeat working on a new cluster. We seem to have got through the setup phase and started to send data. Each event gets a warning:
(status=400): {"type":"illegal_argument_exception","reason":"pipeline with id [winlogbeat-7.16.1-routing] does not exist"}, dropping event!
We have an index created winlogbeat-7.16.1-2022.05.03-000001
and are still running with the elevated privileges needed to do the initial setup.
No errors in the ES logs.
edit:
Hmmm... the ingestion pipeline appears to be a version 8 thing?? We did originally install winlogbeat 8.0 and saw the compatibility warning and reverted to 7.16.1
and we must be using the 8.0 config
winlogbeat.event_logs:
  - name: ForwardedEvents
    tags: [forwarded]
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
  hosts: ["130.216.5.128:9200"]
  protocol: "https"
  api_key: "<redactected>"
  setup.ilm.check_exists: false
  pipeline: "winlogbeat-%{[agent.version]}-routing"
output.elasticsearch.allow_older_versions: true
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~