I am running metricbeat on few system.
sending that data to proxy server.
proxy then sends data to two logstash servers
logstash then parse this and stores records in Elasticsearch.
I am creating my own _id for each record. (_id = hostname+timestamp+metricsetname)
and after upgrading to 8.x and starting using data stream I am started getting this error .
( and yes I need to use my own _id )
I check quite a few time and record exist in Elastic.
but why is this happening? how to avoid it? is something wrong in my setup?
It seems like two logstash servers are receiving same record.
[2023-05-10T17:26:53,457][WARN ][logstash.outputs.elasticsearch][metricbeat_v6_7][ab9f97bc010420ba0b4c62236e64770ec3bd768c9fb6731267f70b2ee75a50ce] Failed action {:status=>409, :action=>["create", {:_id=>"red2906048_2023-05-10T16:26:54.593Z_filesystem_/s0", :_index=>"g2insight-sys-8.5.3", :routing=>nil}, {"metricset"=>{"name"=>"filesystem", "period"=>60000}, "agent"=>{"version"=>"8.5.3"}, "system"=>{"type"=>"cpu", "filesystem"=>{"free_files"=>287568367, "available"=>2934226219008, "type"=>"xfs", "used"=>{"pct"=>0.0031, "bytes"=>9089617920}, "device_name"=>"/dev/md1", "total"=>2943315836928, "free"=>2934226219008, "mount_point"=>"/s0", "files"=>287573568}}, "service"=>{"type"=>"system"}, "@version"=>"1", "tags"=>["beats_input_raw_event"], "@timestamp"=>2023-05-10T16:26:54.593Z, "host"=>{"name"=>"red2906048"}}], :response=>{"create"=>{"_index"=>".ds-insight-sys-8.5.3-2023.05.10-000237", "_id"=>"red2906048_2023-05-10T16:26:54.593Z_filesystem_/s0", "status"=>409, "error"=>{"type"=>"version_conflict_engine_exception", "reason"=>"[red2906048_2023-05-10T16:26:54.593Z_filesystem_/s0]: version conflict, document already exists (current version [1])", "index_uuid"=>"hoXYGGTYSHGlFnF-_K6h-A", "shard"=>"0", "index"=>".ds-insight-sys-8.5.3-2023.05.10-000237"}}}}
here is logstash output section
output {
elasticsearch {
hosts => ["host1:9200","host2:9200"]
index => "%{[@metadata][target_index]}"
document_id => "%{[@metadata][id]}"
user => "${elastic_user}"
password => "${elastic_password}"
action => "create"
manage_template => false
}
}