Hi, so due to a previous post's issues, I created a new ELK stack on a new machine. Completely re-installed the OS and recreated ELK with Filebeat. After the installation and configurations, I get a new error saying
"1 of 2 shards failed
The data you are seeing might be incomplete or wrong."
Further detail of the error says this:
{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 2,
    "successful": 1,
    "skipped": 1,
    "failed": 1,
    "failures": [
      {
        "shard": 0,
        "index": "filebeat-2021.12.17",
        "node": "ZmqIIkQOSYiEN2QaQXpvJQ",
        "reason": {
          "type": "illegal_argument_exception",
          "reason": "Text fields are not optimised for operations that require per-document field data like aggregations and sorting, so these operations are disabled by default. Please use a keyword field instead. Alternatively, set fielddata=true on [host.hostname] in order to load field data by uninverting the inverted index. Note that this can use significant memory."
        }
      }
    ]
  },
  "hits": {
    "total": 0,
    "max_score": 0,
    "hits": []
  }
}
- Four of these errors pop up under the syslog dashboard of the system module.
- The only thing I have implemented was the system module, which I understood to be prepackaged, and the first time I tried doing this it showed up with no issues.
Now, I believe I only have one shard, so why would it be trying to access two?
And where could the issue lie preventing me from getting accurate log data? I have already taken two steps backwards, when my ultimate goal is to get Mikrotik syslogging functioning, but I am struggling just getting the regular server data to work properly now.
Thanks for any help.
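
An added example, not part of the original post: a Python check that reads a search response like the one quoted above, extracts the index and field from each fielddata shard failure, and compares them with that index's mapping. The mapping is a constructed sample of a dynamically mapped string field; the real one comes from `GET filebeat-2021.12.17/_mapping`, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: the failure portion of the response quoted in the post.
SAMPLE_RESPONSE = {"_shards": {"total": 2, "successful": 1, "skipped": 1, "failed": 1, "failures": [{
    "shard": 0, "index": "filebeat-2021.12.17",
    "reason": {"type": "illegal_argument_exception", "reason": (
        "Text fields are not optimised for operations that require per-document "
        "field data like aggregations and sorting, so these operations are disabled "
        "by default. Please use a keyword field instead. Alternatively, set "
        "fielddata=true on [host.hostname] in order to load field data by "
        "uninverting the inverted index. Note that this can use significant memory.")}}]}}

# Constructed sample mapping (assumption): host.hostname created by dynamic mapping.
SAMPLE_MAPPING = {"filebeat-2021.12.17": {"mappings": {"properties": {"host": {"properties": {
    "hostname": {"type": "text",
                 "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
    "name": {"type": "keyword"}}}}}}}

FIELD_RE = re.compile(r"fielddata=true on \[([^\]]+)\]")

def fielddata_failures(response):
    """Return (index, field) for each shard failure caused by aggregating on a text field."""
    found = []
    for failure in response.get("_shards", {}).get("failures", []):
        match = FIELD_RE.search(failure.get("reason", {}).get("reason", ""))
        if match:
            found.append((failure["index"], match.group(1)))
    return found

def lookup_field(mapping, index, field):
    """Walk a dotted field name through nested object mappings; None if unmapped."""
    node = mapping[index]["mappings"]
    for part in field.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    return node

def diagnose(response, mapping):
    """For each failing field, report its mapped type and any keyword sub-fields."""
    report = []
    for index, field in fielddata_failures(response):
        node = lookup_field(mapping, index, field) or {}
        subs = [f"{field}.{name}" for name, sub in node.get("fields", {}).items()
                if sub.get("type") == "keyword"]
        report.append({"index": index, "field": field,
                       "type": node.get("type"), "keyword_subfields": subs})
    return report

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_RESPONSE, SAMPLE_MAPPING), indent=2))
```

A `text` type with a `.keyword` sub-field is what Elasticsearch's default dynamic mapping produces for strings, which suggests the index was created without the Filebeat index template that maps this field as `keyword`.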