最近升级到7.17.7 filebeat。使用elasticsearch, kibana和filebeat,都是7.17.7。但是,我无法在kibana中看到日志,因为filebeat没有将日志发送到elasticsearch和kibana。在filebeat看到错误-
ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(http://localhost:9200)): Connection marked as failed because the onConnect callback failed: resource 'filebeat-7.17.7' exists, but it is not an alias
有人能帮我找出这个错误的原因和解决方案吗?
重新启动filebeat,但是没有帮助。
Filebeat config -
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/www/vhosts/rshop/current/var/log/*.log
multiline.pattern: ^[[0-9]{4}-[0-9]{2}-[0-9]{2}
multiline.negate: true
multiline.match: after
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
setup.ilm.enabled: false
setup.kibana:
output.elasticsearch:
hosts: ["localhost:9200"]
indices:
- index: "r-logs-%{[agent.version]}-%{+yyyy.MM.dd}"
when.regexp:
log.file.path: '^.+/var/log/recalculation.log$'
pipelines:
- pipeline: "filebeat-6.8.7-monolog-pipeline"
when.or:
- regexp:
log.file.path: '^.+/var/log/recalculation.log$'
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0755
@NKumar很可能是一个从旧索引模板升级到新索引模板的问题,如果你没有在覆盖时将它们标记为true,就会发生这种情况。
你能提供你从哪个版本的堆栈升级到7.17的信息吗?
另外,快速的解决方案是为filebeat索引添加别名,如:
POST /_aliases
{
"actions" : [
{
"add" : {
"index" : "filebeat-7.17.7",
"alias" : "filebeat-7.17.7_1",
"is_write_index" : true
}
}
]}
或者更持久的解决方案是在filebeat中添加以下设置:
setup.template.settings:
setup.template.enabled: true
setup.template.overwrite: true
这是由于filebeat版本7.17,恢复到旧版本它应该能够连接。请检查filebeat 7.17的限制。请注意,Beats版本高于7.12。OpenSearch不支持x。如果必须将环境中的Beats代理更新到新版本,可以通过将流量从Beats引导到Logstash并使用Logstash Output插件将数据获取到OpenSearch来解决不兼容性问题。https://opensearch.org/docs/latest/tools/index/下载