Hi,
I'm sending logs from filebeat to logstash but it I'm getting this error from logstash connecting to elastisearch:
[2021-04-20T10:50:47,200][WARN ][logstash.outputs.elasticsearch][main] 673b0cb9e015302058e251f502b8] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"filebeat-7.12.0-2021.04.23", :routing=>nil, :_type=>"_doc", :pipeline=>"filebeat-7.12.0-sonicwall-firewall-pipeline"}, #<LogStash::Event:0x591409f5>], :response=>{"index"=>{"_index"=>"filebeat-7.12.0-2021.04.23", "_type"=>"_doc", "_id"=>nil, "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"pipeline with id [filebeat-7.12.0-sonicwall-firewall-pipeline] does not exist"}}}}
I don't understand why filebeat doesn't create the pipeline with setup command :
sudo filebeat setup --pipelines --modules sonicwall
When I run GET _ingest/pipeline/filebeat-7.12.0-* I only get pipelines from cisco :
"filebeat-7.12.0-cisco-ios-pipeline" :{...}
"filebeat-7.12.0-cisco-amp-pipeline" :{...}
...
Here my logstash conf :
input {
beats {
port => 5044
}
}
output {
if [@metadata][pipeline] {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
pipeline => "%{[@metadata][pipeline]}"
}
} else {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}
stdout{ codec => rubydebug }
}
It's been several days since I try to find an answer but nothing... So please can someone help me understand
Regards,