[Rspamd-Users] : Logging to Elasticsearch Trouble
JC PAROLA
contact at sels-ingenierie.com
Fri Apr 1 06:21:57 UTC 2022
Hi,
I am trying to connect rspamd to Elasticsearch 8.1 but it's not working.
1/ I read and used the configuration file at
https://rspamd.com/doc/modules/elastic.html but there is an error in the log:
2022-03-28 18:06:19 #7567(controller) lua; elastic.lua:428: cannot put
template to http://xx.xx.xx.xx:xxxx/_template/rspamd: nil(400)
({"error":{"root_cause":[{"type":"illegal_argument_exception","reason":
"legacy template [rspamd] has index patterns [rspamd-*, *-rspamd-*]
matching patterns from existing composable templates [.deprecation-
indexing-template,.kibana-event-log-8.1.1-template,.ml-anomalies-,.ml-
state,.ml-stats,.monitoring-beats-mb,.monitoring-ent-search-
mb,.monitoring-es-mb,.monitoring-kibana-mb,.monitoring-logstash-
mb,.slm-history,.watch-history-16,ecs-logstash,ilm-
history,logs,metrics,synthetics] with patterns (.deprecation-indexing-
template => [.logs-deprecation.*],.kibana-event-log-8.1.1-template =>
[.kibana-event-log-8.1.1-*],.ml-anomalies- => [.ml-anomalies-*],.ml-
state => [.ml-state*],.ml-stats => [.ml-stats-*],.monitoring-beats-mb
=> [.monitoring-beats-8-*],.monitoring-ent-search-mb => [.monitoring-
ent-search-8-*],.monitoring-es-mb => [.monitoring-es-8-*],.monitoring-
kibana-mb => [.monitoring-kibana-8-*],.monitoring-logstash-mb =>
[.monitoring-logstash-8-*],.slm-history => [.slm-history-5*],.watch-
history-16 => [.watcher-history-16*],ecs-logstash => [ecs-logstash-
*],ilm-history => [ilm-history-5*],logs => [logs-*-*],metrics =>
[metrics-*-*],synthetics => [synthetics-*-*]), use composable templates
(/_index_template)
instead"}],"type":"illegal_argument_exception","reason":"legacy
template [rspamd] has index patterns [rspamd-*, *-rspamd-*] matching
patterns from existing composable templates [.deprecation-indexing-
template,.kibana-event-log-8.1.1-template,.ml-anomalies-,.ml-state,.ml-
stats,.monitoring-beats-mb,.monitoring-ent-search-mb,.monitoring-es-
mb,.monitoring-kibana-mb,.monitoring-logstash-mb,.slm-history,.watch-
history-16,ecs-logstash,ilm-history,logs,metrics,synthetics] with
patterns (.deprecation-indexing-template => [.logs-
deprecation.*],.kibana-event-log-8.1.1-template => [.kibana-event-log-
8.1.1-*],.ml-anomalies- => [.ml-anomalies-*],.ml-state => [.ml-
state*],.ml-stats => [.ml-stats-*],.monitoring-beats-mb =>
[.monitoring-beats-8-*],.monitoring-ent-search-mb => [.monitoring-ent-
search-8-*],.monitoring-es-mb => [.monitoring-es-8-*],.monitoring-
kibana-mb => [.monitoring-kibana-8-*],.monitoring-logstash-mb =>
[.monitoring-logstash-8-*],.slm-history => [.slm-history-5*],.watch-
history-16 => [.watcher-history-16*],ecs-logstash => [ecs-logstash-
*],ilm-history => [ilm-history-5*],logs => [logs-*-*],metrics =>
[metrics-*-*],synthetics => [synthetics-*-*]), use composable templates
(/_index_template) instead"},"status":400})
2/ For testing, I downloaded the latest version of rspamd with
git clone --recursive https://github.com/rspamd/rspamd.git
but I can't PUT the index template file
contrib/elastic/rspamd_template.json to ELS. It does not seem to be
compatible with ELS 8.1.1.
3/ The rspamd documentation talks about Elasticsearch 6.x
<https://www.elastic.co/>.
Where can we find a valid configuration to push logs to ELS? (I can use
filebeat, but Rspamd is more efficient for pushing.)
Many thanks for your help.
Kind regards
JCP
--
Jean-christophe PAROLA
06 63 22 62 82
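
The 400 response quoted in the message ends with "use composable templates (/_index_template) instead". The following is an added example, not part of the original post and not rspamd's own code: it reshapes a legacy /_template body into the composable format. The function names, the priority value and the sample template are assumptions constructed for illustration.

```python
import json

# Keys of a legacy (/_template) body that move under "template" in the
# composable (/_index_template) body.
_NESTED = ("settings", "mappings", "aliases")
# Top-level mapping keys; any other single key is treated as a type wrapper.
_MAPPING_FIELDS = {"properties", "dynamic", "dynamic_templates", "_source",
                   "_routing", "_meta", "date_detection", "numeric_detection",
                   "dynamic_date_formats", "runtime"}


def unwrap_typed_mapping(mappings):
    """Drop a single mapping-type wrapper such as {"_doc": {...}}."""
    if len(mappings) == 1:
        (name, body), = mappings.items()
        if name not in _MAPPING_FIELDS and isinstance(body, dict):
            return body
    return mappings


def to_composable(legacy, priority):
    """Convert a legacy template body to a composable index template body."""
    if "index_patterns" not in legacy:
        raise ValueError("legacy template has no index_patterns")
    patterns = legacy["index_patterns"]
    out = {"index_patterns": [patterns] if isinstance(patterns, str) else list(patterns),
           "priority": priority,  # the legacy "order" key is not carried over
           "template": {}}
    for key in _NESTED:
        if key in legacy:
            value = legacy[key]
            out["template"][key] = unwrap_typed_mapping(value) if key == "mappings" else value
    if "version" in legacy:
        out["version"] = legacy["version"]
    return out


# Constructed sample, NOT the contents of contrib/elastic/rspamd_template.json.
SAMPLE_LEGACY = {
    "index_patterns": ["rspamd-*", "*-rspamd-*"],
    "order": 0,
    "settings": {"index": {"number_of_shards": 1}},
    "mappings": {"_doc": {"properties": {"score": {"type": "float"}}}},
}

if __name__ == "__main__":
    # priority=200 is an assumed value; choose one suited to the cluster.
    print(json.dumps(to_composable(SAMPLE_LEGACY, priority=200), indent=2))
```

The resulting JSON is the shape that the /_index_template endpoint named in the error expects; whether the elastic module then accepts a pre-existing composable template is not covered by the post.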