{"log.level":"warn","@timestamp":"2024-09-17T09:27:50.421+0200","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(Client).applyItemStatus","file.name":"elasticsearch/client.go","file.line":489},"message":"Cannot index event '{"@timestamp":"2024-09-17T07:27:50.370Z","type":"flow","source":{"mac":"","ip":"","port":9200,"packets":23,"bytes":22746},"destination":{"ip":"","port":64911,"mac":""},"host":{"architecture":"x86_64","os":{"name":"Windows 10 Enterprise LTSC 2021","kernel":"10.0.19041.4894 (WinBuild.160101.0800)","build":"19044.4894","type":"windows","platform":"windows","version":"10.0","family":"windows"},"id":"c9667b3f-8413-43ee-baa5-ea2e4194b226","ip":[""],"name":"","mac":[""],"hostname":""},"agent":{"ephemeral_id":"2ce9940c-20ac-498a-a6a6-8042a7eded58","id":"27c13e69-cd60-42e2-9fc3-2b5f6e8ffd81","name":"**","type":"packetbeat","version":"8.15.1"},"event":{"dataset":"flow","kind":"event","category":["network"],"action":"network_flow","type":["connection"],"start":"2024-09-17T07:27:20.078Z","end":"2024-09-17T07:27:23.176Z","duration":3097962100},"flow":{"id":"EQQA////DP//////FP8BAAEADCm7oIUAUFaCM8SNNUtWjTVIPfAjj/0","final":false},"network":{"transport":"tcp","community_id":"1:1mrtWe+jMPKAEBEzwSFCv/2ziLM=","bytes":22746,"packets":23,"type":"ipv4"},"ecs":{"version":"8.0.0"}}\n' (status=400): {"type":"illegal_argument_exception","reason":"pipeline with id [packetbeat-8.15.1-routing] does not exist"}, dropping event!","service.name":"packetbeat","log.type":"event","ecs.version":"1.6.0"}
the only two pipelines that are created are:
packetbeat-8.15.1-default and packetbeat-8.15.1-geoip
Been following the instructions here : Packetbeat quick start: installation and configuration | Packetbeat Reference [8.15] | Elastic
No errors during setup, index template, dashboards and pipelines according to logs were loaded.
will try an earlier version of packetbeat now...