I'm a newbie to ES so pardon the ignorance or if I am posting in the wrong place.
Here is the problem I am facing.
- I've set up ES, Filebeat, Logstash and Kibana on my local Windows 10 machine.
- I have a sample Apache log file that I am working with.
- It seems that Filebeat is parsing the file correctly, since I am getting the following console logs:
"source": "c:\logfiles\apachesample\apache-access\access_log\access_log",
"offset": 2360892,
"message": "46.105.14.53 - - [20/May/2015:21:05:39 +0000] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "-" "UniversalFeedParser/4.2-pre-314-svn +http://feedparser.org/"",
"input": {
"type": "log"
},
"prospector": {
"type": "log"
},
"beat": {
"name": "LAPTOP-VLSC3TGE",
"hostname": "LAPTOP-VLSC3TGE",
"version": "6.4.2"
},
"host": {
"name": "LAPTOP-VLSC3TGE"
}
}
However, I am not seeing the messages in Kibana.
- Digging into the Logstash log messages, I am seeing the following:
[2018-10-24T19:36:21,832][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"demo-index", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x27bf063c], :response=>{"index"=>{"_index"=>"demo-index", "_type"=>"doc", "id"=>"Zm4UqWYB7oV8CsvWcc0", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [host]", "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:462"}}}}}
Where have I gone wrong?
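
An added diagnostic example, not part of the original post: it extracts the rejected field from a Logstash warning like the one above and compares an event's shape against an index mapping, flagging fields sent as an object where the mapping expects a scalar. The mapping is an assumption (the post does not show the mapping for demo-index), the warning line is shortened from the post, and the function names are hypothetical.

```python
import re

# Field types that accept only scalar values, never a JSON object.
SCALAR_ONLY = {"text", "keyword", "long", "integer", "double", "date", "boolean", "ip"}
REJECT_RE = re.compile(
    r'"_index"=>"(?P<index>[^"]+)".*?"type"=>"(?P<error>[^"]+)", '
    r'"reason"=>"failed to parse \[(?P<field>[^\]]+)\]"')

def parse_rejection(line):
    """Pull index, error type and field out of a Logstash indexing warning."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None

def mapping_conflicts(properties, doc, prefix=""):
    """List (path, mapped_type, sent_kind) where an event disagrees with the mapping."""
    conflicts = []
    for key, value in doc.items():
        spec = properties.get(key)
        if spec is None:
            continue  # unmapped field: dynamic mapping would create it
        path, mapped = prefix + key, spec.get("type", "object")
        for item in (value if isinstance(value, list) else [value]):
            if isinstance(item, dict) and mapped in SCALAR_ONLY:
                conflicts.append((path, mapped, "object"))  # the START_OBJECT case
            elif isinstance(item, dict) and mapped in ("object", "nested"):
                conflicts += mapping_conflicts(spec.get("properties", {}), item, path + ".")
            elif not isinstance(item, dict) and mapped == "object" and item is not None:
                conflicts.append((path, mapped, "scalar"))
    return conflicts

# Warning from the post, shortened to the parts the regex reads.
WARN_LINE = ('[WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. '
             '{:status=>400, :response=>{"index"=>{"_index"=>"demo-index", "_type"=>"doc", '
             '"status"=>400, "error"=>{"type"=>"mapper_parsing_exception", '
             '"reason"=>"failed to parse [host]"}}}}')
# Assumption: demo-index maps "host" as text; the post does not show the mapping.
ASSUMED_PROPERTIES = {"host": {"type": "text"}, "offset": {"type": "long"},
                      "beat": {"properties": {"name": {"type": "text"}}}}
# Event shape from the Filebeat console output in the post (message omitted).
EVENT = {"offset": 2360892,
         "beat": {"name": "LAPTOP-VLSC3TGE", "hostname": "LAPTOP-VLSC3TGE", "version": "6.4.2"},
         "host": {"name": "LAPTOP-VLSC3TGE"}}

if __name__ == "__main__":
    print(parse_rejection(WARN_LINE))
    print(mapping_conflicts(ASSUMED_PROPERTIES, EVENT))
```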