Raphyyy
commented
5 years ago Same here with Logtrail/Kibana 6.6.2
Closed mindcurv-jerald closed 5 years ago
Raphyyy
commented
5 years ago Same here with Logtrail/Kibana 6.6.2
Raphyyy
commented
5 years ago @mindcurv-jerald
I solved this by replacing "keyword_suffix" : "keyword" to "keyword_suffix" : "" in logtrail.json.
I think keyword_suffix should be set to "" by default to avoid this kind of user mistake
sivasamyk
commented
5 years ago The default index template used by filebeat and logstash adds .keyword field of type keyword. And this default logtrail.json works with it. Do you have any custom template/mapping for you index?
mindcurv-jerald
commented
5 years ago Thanks for the help guys!
anilganipineni
commented
5 years ago @sivasamyk , even after adding the "keyword_suffix" : "" to logtrail.josn, no luck.
Here is my logtrail.json configuration.
_*{ "version" : 2, "index_patterns" : [ { "es": { "default_index": "logstash-", "allow_url_parameter": false }, "tail_interval_in_seconds": 10, "es_index_time_offset_in_seconds": 0, "display_timezone": "local", "display_timestamp_format": "YYYY-MMM-DD HH:mm:ss", "max_buckets": 500, "default_time_range_in_days" : 0, "max_hosts": 100, "max_events_to_keep_in_viewer": 5000, "default_search": "", "fields" : { "mapping" : { "timestamp" : "@timestamp", "display_timestamp" : "@timestamp", "hostname" : "host", "program": "program", "message": "log_message" }, "message_format": "[GSP] : {{{log_message}}}", "keyword_suffix" : "" }, "color_mapping" : { "field" : "loglevel", "mapping" : { "ERROR": "#ff3232", "WARN": "#ff7f24", "DEBUG": "#ffb90f", "TRACE": "#a2cd5a" } } } ] }**
We have recently upgraded Kibana and elasticsearch from v6.0.1 to v6.6.1
The issue is that after the kibana/elasticsearch/logtrail upgrade we don't see the hostnames in menu options under All Systems. Before the upgrade there was no issues.
We are pushing logs directly from filebeat to elasticsearch. Following is our logtrail.json file: