Index_template does not gets installed into ES 7.10.2

[mxb78]

I'm having problems to see any events/alert or any other data since I upgraded ES from 6.x to 7.10.2. Logstash index is there. Looks like template for es7 does not get installed? Running evebox as a docker image with '-vvv' for extra DEBUG and see no output from log::info!("Installing template {}", &template). Any ideas?

[mxb78]

Current template for ES 7.x is not accepted by ES 7.10.2. "settings" , "mapping" etc need to be wrapped in side "template": {}. I managed to upload modified template, however no luck with getting any data in Evebox.

[mxb78]

as of ES 7.8 current template falls under legacy and I get deprecation warning. No data in Evebox yet visible.

[jasonish]

How do you add your events to Elasticsearch?

On Thu, Jan 21, 2021 at 2:48 PM mxb78 notifications@github.com wrote:

as of ES 7.8 current template falls under legacy and I get deprecation warning. No data in Evebox yet visible.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jasonish/evebox/issues/152#issuecomment-764927353, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE5IE6RWISDDGCGHFKILSLS3CHIFANCNFSM4WLGJYZQ .

[mxb78]

[root@ntop ~]# cat /etc/logstash/conf.d/30-output.conf output { elasticsearch { hosts => ["http://10.78.100.40"] index => "logstash-%{+YYYY.MM.dd}"

user => "elastic"

#password => "changeme"

} }

As mentioned, all been working well with ES 6.8.x

[mxb78]

I managed to add current template as a legacy one. However evebox does not gives any output or any other indications/errors. I run "PUT /_template/logstash {