- elasticsearch/
elasticsearch 用于ElasticSearch 6.2.4的filebeat-index-template.json
elasticsearch 用于ElasticSearch 6.2.4的filebeat-index-template.json
我正在运行ElasticSearch 6.2.4。我试图创建Filebeat索引模板,但出现以下错误
{
"error" : {
"root_cause" : [
{
"type" : "mapper_parsing_exception",
"reason" : "No handler for type [string] declared on field [message]"
}
],
"type" : "mapper_parsing_exception",
"reason" : "Failed to parse mapping [_default_]: No handler for type [string] declared on field [message]",
"caused_by" : {
"type" : "mapper_parsing_exception",
"reason" : "No handler for type [string] declared on field [message]"
}
},
"status" : 400
}
{
"mappings": {
"_default_": {
"_all": {
"enabled": true,
"norms": {
"enabled": false
}
},
"dynamic_templates": [
{
"template1": {
"mapping": {
"doc_values": true,
"ignore_above": 1024,
"index": "not_analyzed",
"type": "{dynamic_type}"
},
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "string",
"index": "analyzed"
},
"offset": {
"type": "long",
"doc_values": "true"
},
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
},
"settings": {
"index.refresh_interval": "5s"
},
"template": "filebeat-*"
}
{
"mappings": {
"_default_": {
"dynamic_templates": [
{
"template1": {
"mapping": {
"doc_values": true,
"ignore_above": 1024,
"index": "false",
"type": "{dynamic_type}"
},
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "text",
"index": "true"
},
"offset": {
"type": "long",
"doc_values": "true"
},
"geoip": {
"type": "object",
"dynamic": true,
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
},
"settings": {
"index.refresh_interval": "5s"
},
"template": "filebeat-*"
}
- 尝试
,但filebeat将永远运行,而不会创建任何内容filebeat-c”/etc/filebeat/filebeat.yml“导出模板>filebeat.template.json - 我尝试将
更改为“类型”:“字符串”
,但遇到另一个错误,其中“类型”:“文本”
不推荐使用\u all - 我也尝试过删除所有的
,但是当Logstash将数据发送到ElasticSearch时,ElasticSearch一直存在解析错误\u
> filebeat -v
Loading config file error: Failed to read /root/filebeat.yml: open /root/filebeat.yml: no such file or directory. Exiting.
> filebeat -v -c "/etc/filebeat/filebeat.yml"
(it struck forever)
Exiting: Could not start registrar: Error loading state: Error decoding states: json: cannot unmarshal object into Go value of type []file.State
我通过
rm/var/lib/filebeat/registryfilebeat export-template>template.json{
"mappings": {
"_default_": {
"_all": {
"enabled": true,
"norms": {
"enabled": false
}
},
"dynamic_templates": [
{
"template1": {
"mapping": {
"doc_values": true,
"ignore_above": 1024,
"index": "not_analyzed",
"type": "{dynamic_type}"
},
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "string",
"index": "analyzed"
},
"offset": {
"type": "long",
"doc_values": "true"
},
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
},
"settings": {
"index.refresh_interval": "5s"
},
"template": "filebeat-*"
}
{
"mappings": {
"_default_": {
"dynamic_templates": [
{
"template1": {
"mapping": {
"doc_values": true,
"ignore_above": 1024,
"index": "false",
"type": "{dynamic_type}"
},
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "text",
"index": "true"
},
"offset": {
"type": "long",
"doc_values": "true"
},
"geoip": {
"type": "object",
"dynamic": true,
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
},
"settings": {
"index.refresh_interval": "5s"
},
"template": "filebeat-*"
}
{
"acknowledged" : true
}
您可能会注意到,\u all模板也从原始json中删除。为什么?显然是这样的,有很多方法可以使用复制到而不是中所建议的,但我还没有弄明白。在生成模板时,您应该能够使用
-es.version 6.2.4PS > .\filebeat.exe export template --es.version 6.6.2 | Out-File -Encoding UTF8 filebeat.template.json
你正在运行哪个版本的filebeat?@Val,我已经在更新的帖子中为你的问题添加了答案。酷,很高兴你找到了答案!