"Saved 'field' parameter is now invalid" for SSH login attempts

tuxedojoe · November 27, 2018, 9:42pm

Hi,

I'm very new to ELK and followed this guide:

It all went relatively smooth until I got the stack running. The imported dashboards is not working. I get the logs but all the preloaded dashboards give me a: "Saved 'field' parameter is now invalid" error.

The logs are there but the dashboards are not working. Have I imported a old versions of dashboards? How to remove and install new ones?

Or how do I proceed otherwise?

I've recently updated everything to the latest version. 6.5.1. Running on Ubuntu 18.04.

kvch · November 30, 2018, 8:53am

There is an open issue with this problem: Saved `field` parameter is now invalid. · Issue #6489 · elastic/beats · GitHub

I have found a possible workaround on the forum:

tuxedojoe · December 4, 2018, 7:14pm

Thanks. But I only have filebeat, not metricbeat. Can I do the same procedure for filebeat? And if so, how?

tuxedojoe · December 4, 2018, 7:41pm

I deleted the indexes from filebeat using curl -XDELETE http://localhost:9200/*

Then I loaded the template again:
sudo filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'

And then finally loaded dashboards again with
sudo filebeat setup -e -E output.logstash.enabled=false -E output.elasticsearch.hosts=['localhost:9200'] -E setup.kibana.host=localhost:5601

That solved it. However, now I only get new logs (created after I created the new indexes. How do I fix that?

system · January 1, 2019, 7:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.