Can I please ask for a help?
I am using following:
I have following logstash output:
elasticsearch {
hosts => ["es_host"]
ssl => true
user => "user"
password => "password"
template => '/etc/logstash/conf.d/template-default.json'
template_overwrite => true
index => "log-default-%{+yyyy-MM-dd}"
ilm_enabled => false
}
And this is the template:
"order": 1,
"index_patterns": [
"log-default-*",
"log-http-*"
],
"settings": {
"number_of_shards": 6,
"number_of_replicas": 2
},
"mappings": {
"_default_": {
"dynamic_templates": [
{
"ips": {
"match_pattern": "regex",
"match": "^(?:orig_)?(?:src|dst)ip$",
"mapping": {
"type": "ip"
}
}
},
{
"strings": {
"match": "*",
"unmatch": "*message",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
}
}
When I start logstash, I receive an error as per the following. Does anyone have an idea what could be wrong?
[ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL 'https://es-host:443/_template/logstash'
Your template-default.json
file should contain this, ie remove the _default_
key and you're good to go.
{
"order": 1,
"index_patterns": [
"log-default-*",
"log-http-*"
],
"settings": {
"number_of_shards": 6,
"number_of_replicas": 2
},
"mappings": {
"dynamic_templates": [
{
"ips": {
"match_pattern": "regex",
"match": "^(?:orig_)?(?:src|dst)ip$",
"mapping": {
"type": "ip"
}
}
},
{
"strings": {
"match": "*",
"unmatch": "*message",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.