Filebeat kubernetes


#1

Hello, I have installed following this documentation:
https://www.elastic.co/guide/en/beats/filebeat/master/running-on-kubernetes.html#running-on-kubernetes
but I have a problem. Elasticsearch logs:

[filebeat-6.4.1-2018.09.28] [0] failed to execute bulk item (index) BulkShardRequest [[filebeat-6.4.1-2018.09.28] [0]] containing [10] requests
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [kubernetes.labels.app]

My indexes are in Elasticsearch:

curl localhost:9200/_cat/indices
yellow open filebeat-6.4.1-2018.09.28 V8uZgvoBQ7KmKEBA9VXE-Q 5 1 29833362 0 41gb 41gb
yellow open filebeat-6.4.1-2018.09.27 TxyduJ9FRxu4CQduQKqxFQ 5 1 4251 0 1.2mb 1.2mb
green open .kibana DgMyQx7QSK659uBo1CccJQ 1 0 3 0 34.3kb 34.3kb

How do I fix this error? I understand it is necessary to remove the Filebeat version, but maybe I’m wrong. Tell me the solution.


#2

At a glance it looks like the (elasticsearch) template that index uses can’t parse out labels.
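
Added example, not part of the original thread: Elasticsearch expands dots in field names into nested objects, so a label key `app` cannot share an index with a key such as `app.kubernetes.io/name`, and that is assumed here to be the reason `kubernetes.labels.app` fails to parse (the thread does not confirm it). The function names, pod names and labels below are constructed for illustration.

```python
# Added example: find Kubernetes label keys that cannot coexist in one
# Elasticsearch index, because a field cannot be both a string and an object.
# SAMPLE_PODS is constructed sample data, not taken from the thread.

SAMPLE_PODS = {
    "web-1": {"app": "nginx"},                      # maps kubernetes.labels.app as a string
    "api-1": {"app.kubernetes.io/name": "api",      # needs kubernetes.labels.app as an object
              "app.kubernetes.io/part-of": "shop"},
    "db-1": {"tier": "backend"},
}


def find_label_conflicts(pods, prefix="kubernetes.labels"):
    """Return sorted (scalar_field, nested_field) pairs that clash in one mapping."""
    leaf_paths = set()
    for labels in pods.values():
        for key in labels:
            leaf_paths.add(f"{prefix}.{key}")

    depth = len(prefix.split("."))
    conflicts = set()
    for path in leaf_paths:
        parts = path.split(".")
        # Every dotted ancestor below the prefix must be an object in the mapping.
        for i in range(depth + 1, len(parts)):
            ancestor = ".".join(parts[:i])
            if ancestor in leaf_paths:  # the same name is also used as a plain value
                conflicts.add((ancestor, path))
    return sorted(conflicts)


def dedot(labels):
    """Replace dots in label keys with underscores so every key stays a flat field."""
    return {key.replace(".", "_"): value for key, value in labels.items()}


if __name__ == "__main__":
    for scalar, nested in find_label_conflicts(SAMPLE_PODS):
        print(f"{scalar} is a string in some events but the parent of {nested} in others")
    flat = {pod: dedot(labels) for pod, labels in SAMPLE_PODS.items()}
    print("conflicts after dedot:", find_label_conflicts(flat))
```

Newer Filebeat releases expose the same dot replacement as the `labels.dedot` setting of the `add_kubernetes_metadata` processor.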


#3

Can you tell me what the problem is?
And I have logs in /var/lib/docker/containers weighing 25 G, and Elasticsearch has already written more than 40 G and keeps writing more…
And I do not understand at all whether this documentation works or whether I am doing something wrong.