stackoom
  简体   繁体   中英

Logstash output to ES gives me error code '400'

 原文  2021-02-04 14:58:56       amazon-web-services/ elasticsearch/ logging/ logstash

Question

Can I please ask for a help?

I am using following:

  • logstash v.6.1.5
  • AWS ES v.7.9

I have following logstash output:

    elasticsearch {
      hosts => ["es_host"]
      ssl => true
      user => "user"
      password => "password"
      template => '/etc/logstash/conf.d/template-default.json'
      template_overwrite => true
      index => "log-default-%{+yyyy-MM-dd}"
      ilm_enabled => false
    }

And this is the template:

    "order": 1,
    "index_patterns": [
        "log-default-*",
        "log-http-*"
    ],
    "settings": {
        "number_of_shards": 6,
        "number_of_replicas": 2
    },
    "mappings": {
        "_default_": {
            "dynamic_templates": [
                {
                    "ips": {
                        "match_pattern": "regex",
                        "match": "^(?:orig_)?(?:src|dst)ip$",
                        "mapping": {
                            "type": "ip"
                        }
                    }
                },
                {
                    "strings": {
                        "match": "*",
                        "unmatch": "*message",
                        "match_mapping_type": "string",
                        "mapping": {
                            "type": "keyword"
                        }
                    }
                }
            ]
        }
    }
}

When I start logstash, I receive an error as per the following. Does anyone have an idea what could be wrong?

[ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL 'https://es-host:443/_template/logstash'

1 answers

solution1
 1 ACCPTED  2021-02-04 15:43:32

Your template-default.json file should contain this, ie remove the _default_ key and you're good to go.

{
  "order": 1,
  "index_patterns": [
    "log-default-*",
    "log-http-*"
  ],
  "settings": {
    "number_of_shards": 6,
    "number_of_replicas": 2
  },
  "mappings": {
    "dynamic_templates": [
      {
        "ips": {
          "match_pattern": "regex",
          "match": "^(?:orig_)?(?:src|dst)ip$",
          "mapping": {
            "type": "ip"
          }
        }
      },
      {
        "strings": {
          "match": "*",
          "unmatch": "*message",
          "match_mapping_type": "string",
          "mapping": {
            "type": "keyword"
          }
        }
      }
    ]
  }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Logstash conf error - amazon_es Amplify (AWS) Verification Email Gives 400 Bad Request Error Logstash Unable to push logs to ES Configure output as elasticsearch in logstash Cloudformation: AmazonEC2; Status Code: 400; Error Code: Unsupported Getting Error : error creating Lambda Function (1): ValidationException status code: 400 How to send json events to ES with Logstash Plugin for Amazon ES? amazon_es output plugin installation error on an ec2 instance? Aws device farm gives me an error (Install failed no matching abis) Running go gives me - go clang: error: no input files
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM