I'm newbie to elasticsearch. What I want to do is to gather logs with filebeat from kubernetes cluster and send them to elasticsearch. My filebeat config file looks like this:
`filebeat.yml: |
filebeat.inputs:
- type: container
paths:- /var/log/containers/*.log
processors: - add_kubernetes_metadata:
host: ${NODE_NAME}
matchers:- logs_path:
logs_path: "/var/log/containers/"`
- logs_path:
- /var/log/containers/*.log
I am outputting to elasticsearch,but I cant show the config. I don't have access to elasticsearch instance I only have access to kibana where I can add index pattern to match logs from elasticsearch. I see logs from file beat where it's written that:
"Failed to parse mapping [_doc]: mapper [user_agent.version] cannot be changed from type [text] to [keyword]","caused_by":{"type":"illegal_argument_exception","reason":"mapper [user_agent.version] cannot be changed from type [text] to [keyword]"}}
What I found in docs is this: https://www.elastic.co/.../7.17/user-agent-processor.html , but I can't find how to disable this processor or even better how to omit this one field which is causing the error.
I would highly appreciate any help.