Filebeat configuration with comments removed
| { | |
| "mappings": { | |
| "_default_": { | |
| "_all": { | |
| "enabled": true, | |
| "norms": { | |
| "enabled": false | |
| } | |
| }, | |
| "dynamic_templates": [ | |
| { | |
| "template1": { | |
| "mapping": { | |
| "doc_values": true, | |
| "ignore_above": 1024, | |
| "index": "not_analyzed", | |
| "type": "{dynamic_type}" | |
| }, | |
| "match": "*" | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "@timestamp": { | |
| "type": "date" | |
| }, | |
| "message": { | |
| "type": "string", | |
| "index": "analyzed" | |
| }, | |
| "offset": { | |
| "type": "long", | |
| "doc_values": "true" | |
| }, | |
| "geoip" : { | |
| "type" : "object", | |
| "dynamic": true, | |
| "properties" : { | |
| "location" : { "type" : "geo_point" } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "settings": { | |
| "index.refresh_interval": "5s" | |
| }, | |
| "template": "filebeat-*" | |
| } |
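# Filebeat shipper configuration (variant harvesting /var/log/secure and
# /var/log/messages). Nesting restored from the flattened page rendering;
# NOTE(review): confirm the indentation against the Filebeat version in use.
filebeat:
  prospectors:
    -
      # Log files to harvest. /var/log/secure carries authentication events and
      # /var/log/messages general system messages, so the shipped stream is
      # sensitive and should only reach a Logstash endpoint you control.
      paths:
        - /var/log/secure
        - /var/log/messages
      #  - /var/log/*.log
      input_type: log
      # Tag attached to each event; presumably the Logstash pipeline selects
      # its syslog filter on this value (verify against the pipeline config).
      document_type: syslog
  # State file where Filebeat records how far it has read in each harvested
  # file. Keep it writable only by the Filebeat service account.
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    # Placeholder: replace elk_server_private_ip with the real address of the
    # Logstash host. Port 5044 should be reachable only from trusted shippers.
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024
    tls:
      # Certificate used to verify the Logstash server before logs are sent.
      # Only the certificate belongs on the shipper, never the private key.
      # No client certificate is configured here, so this file alone does not
      # let Logstash authenticate shippers; restrict access at the network
      # layer or add client-certificate authentication.
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
# Left empty: no shipper settings are overridden.
shipper:
logging:
  files:
    # Rotate Filebeat's own log file once it reaches this size.
    rotateeverybytes: 10485760 # = 10MB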
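# Filebeat shipper configuration (variant harvesting /var/log/auth.log and
# /var/log/syslog). Nesting restored from the flattened page rendering;
# NOTE(review): confirm the indentation against the Filebeat version in use.
filebeat:
  prospectors:
    -
      # Log files to harvest. /var/log/auth.log carries authentication events
      # and /var/log/syslog general system messages, so the shipped stream is
      # sensitive and should only reach a Logstash endpoint you control.
      paths:
        - /var/log/auth.log
        - /var/log/syslog
      #  - /var/log/*.log
      input_type: log
      # Tag attached to each event; presumably the Logstash pipeline selects
      # its syslog filter on this value (verify against the pipeline config).
      document_type: syslog
  # State file where Filebeat records how far it has read in each harvested
  # file. Keep it writable only by the Filebeat service account.
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    # Placeholder: replace elk_server_private_ip with the real address of the
    # Logstash host. Port 5044 should be reachable only from trusted shippers.
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024
    tls:
      # Certificate used to verify the Logstash server before logs are sent.
      # Only the certificate belongs on the shipper, never the private key.
      # No client certificate is configured here, so this file alone does not
      # let Logstash authenticate shippers; restrict access at the network
      # layer or add client-certificate authentication.
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
# Left empty: no shipper settings are overridden.
shipper:
logging:
  files:
    # Rotate Filebeat's own log file once it reaches this size.
    rotateeverybytes: 10485760 # = 10MB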
I got the same error when running Elasticsearch 6.X
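"string" is no longer an accepted field type in Elasticsearch 6.x, so in the `message` mapping the type needs to be changed to `text` and `index` to `true` rather than "analyzed", i.e. `"message": { "type": "text", "index": true }`.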
Then I got a different error:
"Failed to parse mapping [_default_]: Enabling [_all] is disabled in 6.0. As a replacement, you can use [copy_to] on mapping fields to create your own catch all field."
Apparently the `_all` field no longer exists. You can either not create it at all or, if you want one, use `copy_to` to create your own `_all` field: https://discuss.elastic.co/t/elasticsearch-6-and-the-disappearing--all-field/85871/6
Once I removed the _all bit it worked.