You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 15, 2020. It is now read-only.
I'm not able to index event in elasticsearch v 2.4.1. The ping beat is successfully connecting to es.
Detected Elasticsearch 2.x. Automatically selecting the 2.x version of the template 2017/08/16 12:54:02.146438 beat.go:221: INFO pingbeat start running. 2017/08/16 12:54:02.146470 pingbeat.go:79: INFO pingbeat is running! Hit CTRL-C to stop it. 2017/08/16 12:54:02.147816 pingbeat.go:107: INFO Using ip4:icmp connection 2017/08/16 12:54:02.992963 client.go:588: INFO Elasticsearch template with name 'pingbeat' loaded
But after that it throw lots of warnings like: client.go:442: WARN Can not index event (status=400): {"type":"mapper_parsing_exception","reason":"Field name [target.addr] cannot contain '.'"}
I think ProcessPing function from pingbeat.go should be adjusted in order to adapt the event fields based on the es version (e.g replace '.' with '_' in the field name for es2x ). event := common.MapStr{ "@timestamp": common.Time(time.Now().UTC()), "type": "pingbeat", "target.name": name, "target.addr": ping.Target, "target.tags": tags, "loss": true, "reason": ping.LossReason, }
I've tried to recompile the pingbeat but it seems that go libraries for beat have been refactored and I've got a lot of errors :D.
Regards,
Adrian.
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi Joshua,
I'm not able to index event in elasticsearch v 2.4.1. The ping beat is successfully connecting to es.
Detected Elasticsearch 2.x. Automatically selecting the 2.x version of the template 2017/08/16 12:54:02.146438 beat.go:221: INFO pingbeat start running. 2017/08/16 12:54:02.146470 pingbeat.go:79: INFO pingbeat is running! Hit CTRL-C to stop it. 2017/08/16 12:54:02.147816 pingbeat.go:107: INFO Using ip4:icmp connection 2017/08/16 12:54:02.992963 client.go:588: INFO Elasticsearch template with name 'pingbeat' loaded
But after that it throw lots of warnings like:
client.go:442: WARN Can not index event (status=400): {"type":"mapper_parsing_exception","reason":"Field name [target.addr] cannot contain '.'"}
I think ProcessPing function from pingbeat.go should be adjusted in order to adapt the event fields based on the es version (e.g replace '.' with '_' in the field name for es2x ).
event := common.MapStr{ "@timestamp": common.Time(time.Now().UTC()), "type": "pingbeat", "target.name": name, "target.addr": ping.Target, "target.tags": tags, "loss": true, "reason": ping.LossReason, }
I've tried to recompile the pingbeat but it seems that go libraries for beat have been refactored and I've got a lot of errors :D.
Regards,
Adrian.
The text was updated successfully, but these errors were encountered: