Filebeat configuration with open distro for Elasticsearch

Hi all ,

unable to connected filebeat oss distr with open distro , like filebeat.yml

Capture1949×799 19.9 KB

filebeat version 7.10.2 (amd64), libbeat 7.10.2 [aacf9ecd9c494aa0908f61fbca82c906b16562a8 built 2021-01-12 23:11:24 +0000 UTC]

Error :

ERROR instance/beat.go:956 Exiting: error loading template: could not load template. Elasticsearch returned: couldn’t load template: 400 Bad Request: {“error”:{“root_cause”:[{“type”:“mapper_parsing_exception”,“reason”:“No handler for type [flattened] declared on field [devices]”}],“type”:“mapper_parsing_exception”,“reason”:“Failed to parse mapping [_doc]: No handler for type [flattened] declared on field [devices]”,“caused_by”:{“type”:“mapper_parsing_exception”,“reason”:“No handler for type [flattened] declared on field [devices]”}},“status”:400}. Response body: {“error”:{“root_cause”:[{“type”:“mapper_parsing_exception”,“reason”:“No handler for type [flattened] declared on field [devices]”}],“type”:“mapper_parsing_exception”,“reason”:“Failed to parse mapping [_doc]: No handler for type [flattened] declared on field [devices]”,“caused_by”:{“type”:“mapper_parsing_exception”,“reason”:“No handler for type [flattened] declared on field [devices]”}},“status”:400}.

Please tell me .

Thanks Advance

[Moved to a better channel]

I’m no expert in this area, but something seems off here: flattened is not part open source elasticsearch.

Please tell me any one

What is the server version, too?

Hi ,

Please check below details .

I mean which version of OpenDistro (and Elasticsearch) are you running?

@sskm

Are you running ODFE or OpenSearch?
Your filebeat tries to connect to http://localhost:9200. Did you disable SSL on HTTP?

Could you send the result of the below commands?

curl -u admin:admin -XGET http://localhost:9200

curl --insecure -u admin:admin -XGET https://localhost:9200

Hi @sskm ,
Did this issue got resolved?

@Zage This issue is over 2 years old. Please open a new thread and describe your problem.