我是elk stack的新手,我正在尝试从logstash output.elasticsearch安装模板,但是当我在json中输入“mappings”键时,我遇到了以下问题: [2020-09-12T15:19:04,321][ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Got response code '400' contacting Elasticsearch at URL 'http://elasticsearch:9200/_template/maillog'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:inperform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:in perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:278:inblock in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:373:in with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:277:inperform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:285:in block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:352:intemplate_put'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:86:in template_install'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/template_manager.rb:28:ininstall'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/template_manager.rb:16:in install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:130:ininstall_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:51:in block in setup_after_successful_connection'"]} 这里是我的json模板:
{
"index_patterns": "*-maillog-*",
"settings": {
"index": {
"refresh_interval": "10s",
"number_of_shards": 1,
"number_of_replicas": 0
}
},
"mappings": {
"maillog": {
"properties": {
"ip": { "type": "ip" }
}
}
}
}这里是我的output.elasticsearch:
output {
elasticsearch {
id => "test"
index => "%{[product]}-maillog-%{+YYYY.MM.dd}"
hosts => ["###ELASTIC_HOST###:9200"]
document_type => "maillog"
manage_template => true
template_overwrite => true
template => "${CONF_PATH}/mapping/maillog.json"
template_name => "maillog"
}
}使用此配置,我无法创建模板,但如果我从模板中删除“mappings”键,如下所示:
{
"index_patterns": "*-maillog-*",
"settings": {
"index": {
"refresh_interval": "10s",
"number_of_shards": 1,
"number_of_replicas": 0
}
}
}已经没有问题了。
我的堆栈由3个容器组成:
elasticsearch 7.4.2
logstash 7.4.2
kibana 7.4.2我可能错过了一些东西,但花了很多时间,没有线索来解决这个问题。。。
谢谢你的帮助
1条答案
按热度按时间7rfyedvj1#
您使用的elasticsearch版本7.x不再有类型。
这个
mailog在你的mappings声明将是您在7.x之前版本中的类型,但这在7.x版本中不再起作用,您需要更改mappings对着那个吼叫的人。此外,您还可以删除
document_type在你的elasticsearch输出在logstash,这不再工作。