Comments (5)
Hrm, your old ansible-role-elk has mappings.yml, but more importantly to note, there's a new approach to this in version 6.0. See here and here.
Apparently, the mappings are moved to fields.yml which is a different format... No more template JSON. Normally, if the output were ES, then the "index template [is loaded] automatically after successfully connecting to [ES]". However, with a Logstash output (such is this case) then you must either load the template manually, or bypass Logstash, which is shown in the second option above.
In order to get the template JSON file, you must export it first, e.g.:
metricbeat export template > metricbeat.template.json
filebeat export template > filebeat.template.json
It's not included in the .deb package anymore! Then you can POST it to localhost:9200 as usual.
from ansible-role-beats.
Thought I'd note the old elasticsearch-template-logstash-output.json
from your ELK role is not compatible with ElasticSearch 6.x...
{"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"Failed to parse mapping [_default_]: No field type matched on [float], possible values are [object, string, long, double, boolean, date, binary]"}],"type":"mapper_parsing_exception","reason":"Failed to parse mapping [_default_]: No field type matched on [float], possible values are [object, string, long, double, boolean, date, binary]","caused_by":{"type":"illegal_argument_exception","reason":"No field type matched on [float], possible values are [object, string, long, double, boolean, date, binary]"}},"status":400}
from ansible-role-beats.
Heyyy @ageis thanks for bringing this up.
I've been loading templates via logstash -- our ELK role is deprecated, no longer being used, and our configs are currently being a private repo. The export part currently looks something like this:
if [type] == "metricsets" {
elasticsearch {
hosts => ["{{logstash_es_proto}}://{{ logstash_es_host }}:{{logstash_es_port}}"]
index => "{{ logstash_metrics_index | default('metrics-logstash-%{+YYYY.MM.dd}') }}"
{% if logstash_metrics_template is defined %}
template => "{{ logstash_template_folder }}/{{ logstash_metrics_template }}"
template_name => "metrics-logstash-custom"
{% endif %}
{% if logstash_es_proto == "https" %}
ssl => true
cacert => "{{ logstash_es_cacert }}"
ssl_certificate_verification => {{logstash_es_verifyssl|default(true)|lower }}
{% endif %}
}
}
# send syslog type events a different consolidated index
#
#
else {
elasticsearch {
hosts => ["{{logstash_es_proto}}://{{ logstash_es_host }}:{{logstash_es_port}}"]
index => "{{ logstash_syslog_index | default('syslog-logstash-%{+YYYY.MM.dd}') }}"
{% if logstash_syslog_template is defined %}
template => "{{ logstash_template_folder }}/{{ logstash_syslog_template }}"
template_name => "syslog-logstash-custom"
{% endif %}
{% if logstash_es_proto == "https" %}
ssl => true
cacert => "{{ logstash_es_cacert }}"
ssl_certificate_verification => {{logstash_es_verifyssl|default(true)|lower }}
{% endif %}
}
}
I guess technically we could as you mention, use beats to import these templates. I don't plan on adding that functionality here but I'd be happy to take PRs! 👼 We should probably get around to opening our logstash role. Its pretty basic though and needs some CI love.
from ansible-role-beats.
note the above logstash template doesnt really work for 6.x since they are deprecating the type
field, going to either start using tags or custom fields. Still trying to figure that bit out.
from ansible-role-beats.
@msheiny Hrm, interesting. After seeing how you've created separate indices for metrics and set the template upon ingesting the events, I am actually curious to see more of what your Logstash input/output chain looks like (I mean after all that Jinja2 logic gets evaluated), so PM me on Gitter if you want or might care to share. It could be helpful to me for a fleet of machines I'm working with these days.
from ansible-role-beats.
Related Issues (12)
- Add ufw logs by default HOT 3
- Check default vars for SSL info
- Replace topbeat with metricbeat HOT 1
- Mixin in CI to this repo
- More resilient metrics logging HOT 2
- Fix validation of configs
- Stop publishing docker container ports to static ports
- Publish to Ansible Galaxy HOT 6
- Refactor CircleCI tests
- Update documentation
- Topbeat event frequency HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-beats.