enotspe / fortinet-2-elasticsearch

Fortinet products logs to Elasticsearch
Apache License 2.0

Installation problem: Getting "illegal_argument_exception" error in logstash #50

Open timothydilbert opened 1 year ago

timothydilbert commented 1 year ago

Hello,

After following your implementation guide, I am getting the following error in my Logstash logs:

{"create"=>{"_index"=>"logs-fortinet.fortigate.traffic,traffic,traffic-default", "_id"=>nil, "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"data_stream [logs-fortinet.fortigate.traffic,traffic,traffic-default] must not contain the following characters ['\\','/','*','?','\"','<','>','|',' ',',']"}}

I am running FortiOS v7.2.4 and a fresh installation of Logstash on Ubuntu.

Am I reading the above error correctly, in that Logstash is trying to insert into an index named "logs-fortinet.fortigate.traffic,traffic,traffic-default"? Any ideas on what I can do to troubleshoot?

enotspe commented 1 year ago

Can you post the full error log?