Hello,
I'm trying to send rsyslog with Filebeat to my Elasticsearch cluster.
I've added the global path where logs are stored (/var/log/*.log).
filebeat.yml
filebeat.inputs:
- type: log
  id: rsyslog
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
# ======================= Elasticsearch template setting =======================
setup.template.settings:
  index.number_of_shards: 1
output.elasticsearch:
  hosts: ["https://my-ip:9200"]
  protocol: "https"
  username: "filebeat_writer"
  password: "${FB}"
  ssl:
    enabled: true
    certificate_authorities: ["/etc/filebeat/certs/transport-ca-fullchain.crt"]
setup.kibana:
  host: "my-kibana:443"
  protocol: "https"
  username: "filebeat_writer"
  password: "${FB}"
  ssl:
    enabled: true
    certificate_authorities: ["/etc/filebeat/certs/nginx-ca-fullchain.crt"]
I'm also sending other types of logs with Filebeat, but I don't get any error message and it works fine.
But for the rsyslog configuration, when I go to the dashboard, I get a "shards failed" message:
{
  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 4,
    "skipped": 2,
    "failed": 1,
    "failures": [
      {
        "shard": 0,
        "index": "filebeat-8.9.0",
        "node": null,
        "reason": {
          "type": "no_shard_available_action_exception",
          "reason": null
        }
      }
    ]
  },
  "hits": {
    "max_score": null,
    "hits": []
  }
}
I have recently updated my Elastic/Filebeat/Kibana version from 8.9 to 8.9.1, so I think it might have caused the problem, but I can't fix it.
If anyone has the solution or can bring me help, I would appreciate it.
Rob