New FileBeat Version required new "Ingest Pipeline"

joshn · June 17, 2022, 10:46am

hey,

So I updated filebeat on a couple machines and got an error:

"reason"=>"pipeline with id [filebeat-7.17.4-system-syslog-pipeline] does not exist"

After doing some digging, this was because I was previosuly using version 7.17.3.

So I had to manually create a new Ingest Pipeline with:

sudo filebeat setup -E output.logstash.enabled=false -E output.elasticsearch.hosts=['EMEA-ES-01.mydomain.com:9200'] -E setup.kibana.host=EMEA-kibana-01.mydomain.com:5601

Question:

Is there an easier/automated way to go about doing this when filebeat upgrades to a new version in the future?

kelk · June 18, 2022, 3:50pm

What we do is

We create an "ephemeral/container" filebeat instance (eg 7.17.4) with the version you are planning to install
This will complement existing ingest versions (eg 7.17.3). This way you can smoothly upgrade while agents from previous version is also sending data
Do the ingest pipeline setup in Elastic Cluster as a pre-task. Test with an agent before rolling out in PROD
The above is a one time task per Elastic Cluster per Filebeat version

system · July 16, 2022, 3:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest Pipeline is not updated on Module Changes Beats filebeat	2	974	July 27, 2018
Elasticsearch ingest pipelines not configured Beats filebeat	4	968	April 22, 2020
Logstash is not creating ingest pipelines Logstash	3	453	July 13, 2021
Filebeat with customized config and ingest_pipeline Elastic Cloud on Kubernetes (ECK)	4	464	December 2, 2022
Ingest Pipeline does not update on filebeat setup Beats filebeat	4	2465	August 30, 2018

New FileBeat Version required new "Ingest Pipeline"

Related Topics