At a recently upgraded cluster from version 7.2 to 7.16.1, we tried to update Metricbeat for Kubernetes PODs. However on startup we got the following error:
ERROR metrics/metrics.go:304 error determining cgroups version: error reading /proc/11483/cgroup: open /proc/11483/cgroup: no such file or directory
After some research we assume that this may be related to the currently Open Issue: Monitoring: allow specifying /proc or hostfs path. · Issue #23267 · elastic/beats · GitHub
Then, we tried to go at least to version 7.13. But again we got an error, which I paste below:
2022-02-14T15:14:33.811Z WARN [elasticsearch] elasticsearch/client.go:408 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xc07aba5664322f24, ext:123112042418, loc:(*time.Location)(0x55f6ac9f4ee0)}, Meta:null, Fields:{"agent":{"ephemera
l_id":"e1a17184-4daa-45b6-a4db-ae06a9f042b7","hostname":"gr-central-prod-backend06","id":"514bfcb6-f987-4ce9-9867-86522b6a86cd","name":"gr-central-prod-backend06","type":"metricbeat","version":"7.13.1"},"ecs":{"version":"1.9.0"},"event":{"dataset":"system.diskio","duration":610911
,"module":"system"},"fields":{"env":"production"},"host":{"disk":{"read.bytes":0,"write.bytes":388341760},"name":"gr-central-prod-backend06"},"metricset":{"name":"diskio","period":30000},"service":{"type":"system"},"tags":["backend"]}, Private:interface {}(nil), TimeSeries:true},
Flags:0x0, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=400): {"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Limit of total fields [1000] has been exceeded while adding new fields [2]"}}
2022-02-14T15:14:33.811Z WARN [elasticsearch] elasticsearch/client.go:408 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xc07aba566444ac11, ext:123113254007, loc:(*time.Location)(0x55f6ac9f4ee0)}, Meta:null, Fields:{"agent":{"ephemera
l_id":"e1a17184-4daa-45b6-a4db-ae06a9f042b7","hostname":"gr-central-prod-backend06","id":"514bfcb6-f987-4ce9-9867-86522b6a86cd","name":"gr-central-prod-backend06","type":"metricbeat","version":"7.13.1"},"ecs":{"version":"1.9.0"},"event":{"dataset":"system.network","duration":23067
50,"module":"system"},"fields":{"env":"production"},"host":{"name":"gr-central-prod-backend06","network":{"in":{"bytes":10503604304,"packets":8045067},"out":{"bytes":10188621484,"packets":6522114}}},"metricset":{"name":"network","period":30000},"service":{"type":"system"},"tags":[
"backend"]}, Private:interface {}(nil), TimeSeries:true}, Flags:0x0, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=400): {"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Limit of total fields [1000
] has been exceeded while adding new fields [2]"}}
We tried to increase the index.mapping.total_fields.limit
to e.g. 2000 but this did not help.
In the end, we had to revert back to version 7.2...
Please for your assistance.