CODEWITHSUNDEEP
elasticsearchelastic-stackpacketbeat
Nu-ONE
Nu-ONE

Reputation: 699

Packetbeat throws Bulk item insert failed error

Packetbeat throws following error

Bulk item insert failed

When the following processor is added to packetbeat.yml

processors.include_fields.fields: ["http.request.body"]

Error log

2018-06-04T00:37:40.893+0530    ERROR   pipeline/output.go:92   Failed to publish events: temporary bulk send failure
2018-06-04T00:37:40.893+0530    DEBUG   [elasticsearch] elasticsearch/client.go:666 ES Ping(url=http://localhost:9200)
2018-06-04T00:37:40.894+0530    DEBUG   [elasticsearch] elasticsearch/client.go:689 Ping status code: 200
2018-06-04T00:37:40.894+0530    INFO    elasticsearch/client.go:690 Connected to Elasticsearch version 6.2.2
2018-06-04T00:37:40.894+0530    DEBUG   [elasticsearch] elasticsearch/client.go:708 HEAD http://localhost:9200/_template/packetbeat-6.2.4  <nil>
2018-06-04T00:37:40.895+0530    INFO    template/load.go:73 Template already exists and will not be overwritten.
2018-06-04T00:37:40.896+0530    DEBUG   [elasticsearch] elasticsearch/client.go:303 PublishEvents: 1 events have been  published to elasticsearch in 1.245631ms.
2018-06-04T00:37:40.896+0530    DEBUG   [elasticsearch] elasticsearch/client.go:507 Bulk item insert failed (i=0, status=500): {"type":"string_index_out_of_bounds_exception","reason":"String index out of range: 0"}

Environment: elasticsearch version - 6.2.4 packetbeat version - 6.2.4

Upvotes: 0

Views: 1401

Answers (1)

Nu-ONE
Nu-ONE

Reputation: 699

I managed to find the root course for this error. It was when adding following to packetbeat.yml

index: "packetbeat-%{[beat.version]}-%{+yyyy.MM.dd.HH}"

when I removed it problem disappeared. seems to be a bug with custom index naming

Upvotes: 1

Related Questions