filebeat version 7.13.1 not working with AWS Elasticsearch 7.4 - elasticsearch

Can someone help me with the below error?
# filebeat test output -c /etc/filebeat/filebeat.yml
talk to server... ERROR Connection marked as failed because the onConnect callback failed: could not connect to a compatible version of Elasticsearch: unauthorized access, could not connect to the xpack endpoint, verify your credentials
OS version:
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
Elasticsearch version:
7.4
FileBeat version:
filebeat version 7.13.1 (amd64), libbeat 7.13.1 [2d80f6e99f41b65a270d61706fa98d13cfbda18d built 2021-05-28 16:38:20 +0000 UTC]
I am using Elasticsearch Service from AWS and the OSS version of filebeat. It was working fine with filebeat version 7.12.1. Since the version got upgraded, we have been facing this issue.

It is a breaking change in version 7.13.
From version 7.13+ Filebeat will only work with the Elasticsearch distribution from Elastic as it will now check the license, at least at the moment.
It was caused by this change in the code, and there is an open pull request to revert to the old behavior.
But at the moment, if you are not using Elasticsearch with the Elastic license, you can't use any beat from version 7.13+; you will need to revert the version.

Related

why i don't receive the fortigate logs from filebeat elk?

I installed Elastic, Kibana and Filebeat in the same Ubuntu 22.04 VM and I installed FortiGate 7.2.0 in another VM. I want to collect the FortiGate logs with Filebeat, but I don't receive the FortiGate logs.

fluentd elasticsearch plugin - The client is unable to verify that the server is Elasticsearch

I want to send some nginx logs from fluentd to Elasticsearch; however, fluentd is unable to start due to the following error message:
The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product.
[error]: #0 unexpected error error_class=Elasticsearch::UnsupportedProductError error="The client noticed that the server is not Elasticsearch and we do not support this unknown product."
This is my fluentd config :
<source>
@type tail
<parse>
@type nginx
</parse>
path /tmp/lab4/nginx/access.log
pos_file /tmp/lab4/nginx/access.po
tag nginx.access
</source>
<match nginx.**>
@type elasticsearch
scheme http
host 192.168.1.154
port 9200
with_transporter_log true
# @log_level debug
</match>
If I do a curl http://192.168.1.154:9200, I can see a response from Elasticsearch with the version and other info.
For reference I am using :
fluentd version 1.14.5
fluentd elastic-search-plugin 5.2.0
elastic-search 7.12.0
Any idea what I am doing wrong?
For anyone who is facing the issue in Docker, the steps below solved the issue for me:
You need to build fluentd with the elasticsearch gem matching the version of Elasticsearch being used, like below:
Dockerfile:
FROM fluent/fluentd
RUN gem install elasticsearch -v 7.6
RUN gem install fluent-plugin-elasticsearch
RUN gem install fluent-plugin-rewrite-tag-filter
RUN gem install fluent-plugin-multi-format-parser
Mention the es version in the out plugin of es in fluent.conf:
@type elasticsearch
host 10.10.13.21
port 9200
verify_es_version_at_startup false
default_elasticsearch_version 7
In that snapshot, the elasticsearch client gem version (used by fluent-plugin-elasticsearch) is 8.0.0. You are using Elasticsearch v7.12.0, which is evaluated as unsupported.
See https://github.com/elastic/elasticsearch-ruby/blob/ce84322759ff494764bbd096922faff998342197/elasticsearch/lib/elasticsearch.rb#L110-L119.
So, it looks like you need to install an equivalent supported version.
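The Filebeat failure at the top of the page and the fluentd failure in this thread have the same root: from Filebeat 7.13 and the elasticsearch-ruby 8.x gem onward, the client first verifies that it is talking to Elastic's own Elasticsearch distribution and refuses to start otherwise. The Python script below is an added example (not part of any answer here, nor code from the Beats, fluentd or elasticsearch-ruby projects) that reproduces a simplified form of both checks so an endpoint can be preflighted before a client upgrade is rolled out: the license probe behind the "xpack endpoint" message (the exact path, assumed here to be /_license, is an assumption) and the X-Elastic-Product response header that Elastic's 7.14+ servers send and product-verifying clients look for (the gem's exact rules are in the linked elasticsearch.rb source; this is a simplification of them). The sample responses are constructed; passing a URL on the command line probes a live cluster instead.

```python
"""Preflight: would a license- or product-verifying client accept this server?

Added example. The rules below approximate the checks discussed in the thread;
they are not the clients' own code.
"""
import json
import sys
import urllib.error
import urllib.request

PRODUCT_HEADER = "x-elastic-product"   # sent by Elastic's Elasticsearch 7.14+
LICENSE_PATH = "/_license"             # assumed path of the "xpack endpoint"


def product_header_ok(headers):
    """Simplified elasticsearch-ruby 8.x style check: the server must identify
    itself as Elastic's Elasticsearch in a response header (header names are
    case-insensitive, so normalise before looking)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(PRODUCT_HEADER) == "Elasticsearch"


def license_ok(status, body):
    """Simplified Beats 7.13+ style check: the license endpoint must answer 200
    with a license object. A distribution without X-Pack (the AWS-hosted OSS
    flavour, for instance) answers 401/403, which is the 'unauthorized access,
    could not connect to the xpack endpoint' message Filebeat prints."""
    return status == 200 and isinstance(body, dict) and "license" in body


def classify(probe):
    """probe: {'root': GET / body, 'headers': GET / headers,
               'license_status': int, 'license_body': dict}."""
    version = probe["root"].get("version", {})
    reasons = []
    beats = license_ok(probe["license_status"], probe["license_body"])
    if not beats:
        reasons.append(f"license endpoint returned HTTP {probe['license_status']}: "
                       "Beats 7.13+ will refuse to connect")
    product = product_header_ok(probe["headers"])
    if not product:
        reasons.append("no X-Elastic-Product header: product-verifying clients "
                       "(e.g. elasticsearch-ruby 8.x) will report an unsupported product")
    return {
        "version": version.get("number", "unknown"),
        "build_flavor": version.get("build_flavor", "unknown"),
        "beats_7_13_ok": beats,
        "product_check_ok": product,
        "reasons": reasons,
    }


def _get(url, timeout):
    """GET url, returning (status, headers, parsed JSON body); HTTP errors are
    returned as their status instead of raised so 401/403 can be classified."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), {}


def probe_cluster(base_url, timeout=5):
    """Live probe: GET / and GET /_license on the cluster, then classify."""
    base = base_url.rstrip("/")
    _, headers, root = _get(base + "/", timeout)
    lic_status, _, lic_body = _get(base + LICENSE_PATH, timeout)
    return classify({"root": root, "headers": headers,
                     "license_status": lic_status, "license_body": lic_body})


# Constructed sample probes (not captured from real clusters).
SAMPLE_ELASTIC = {
    "root": {"version": {"number": "7.14.0", "build_flavor": "default"},
             "tagline": "You Know, for Search"},
    "headers": {"X-Elastic-Product": "Elasticsearch"},
    "license_status": 200,
    "license_body": {"license": {"status": "active", "type": "basic"}},
}
SAMPLE_AWS_OSS = {
    "root": {"version": {"number": "7.4.2", "build_flavor": "oss"},
             "tagline": "You Know, for Search"},
    "headers": {},
    "license_status": 401,
    "license_body": {},
}

if __name__ == "__main__":
    result = probe_cluster(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE_AWS_OSS)
    print(json.dumps(result, indent=2))
```

Run without arguments it classifies the constructed OSS-flavour sample and lists both reasons the upgraded clients would refuse it; run with a URL it performs the two GETs against that cluster. A clean result (empty reasons) is what you want to see before upgrading Beats past 7.12 or fluent-plugin-elasticsearch onto the 8.x gem; otherwise the thread's advice applies: pin the client to a version that predates the check, or point it at an Elastic distribution.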

Is it possible to send logs from two different machines to Elasticsearch without Logstash?

I have installed Elasticsearch, Kibana and Auditbeat on an Ubuntu machine, so I'm monitoring the log events on the Ubuntu machine. I also installed Winlogbeat on a Windows machine to monitor it too, and I configured it to send the logs to Elasticsearch on the Ubuntu machine.
This is the configuration of the winlogbeat.yml
But when I try to run Winlogbeat I get the following error when it's trying to connect to Kibana on the Ubuntu machine.
On the ubuntu machine kibana, elasticsearch and auditbeat works properly.
This is the configuration of the elasticsearch.yml:
And this is the kibana.yml configuration:
I just modified the file kibana.yml to allow connections from a remote host:
server.host: "0.0.0.0"

Kibana: Unable to revive connection: http://elastic-url:9200/

I installed on CentOS 8:
elasticsearch version 7.3.1
kibana version 7.3.1
curl -I localhost:9200/status is ok
curl -I localhost:5601/status --> kibana is not ready yet
On the machine with CentOS 7 (.226) all is ok.
This is kibana log:
Can somebody help me please?
Elasticsearch 7.x.x requires cluster bootstrapping at first launch and Kibana won't start unless Elasticsearch is ready and each node is running Elasticsearch in version 7.x.x.
I will write steps which you would normally do on a real machine, so that anybody else could do the same. In docker it may look similarly, except that you are working in the containers.
Before we kick off, stop kibana and elasticsearch:
service kibana stop
service elasticsearch stop
killall kibana
killall elasticsearch
Make sure it's dead:
service kibana status
service elasticsearch status
Then head into /etc/elasticsearch/ and edit elasticsearch.yml file. Add at the end of the file:
cluster.initial_master_nodes:
- master-a
- master-b
- master-c
Where master-* will be equal to node.name on each node. Save and exit. Start Elasticsearch and then Kibana. On machines with lower memory (~4GB, and probably in Docker too, as it normally gives 4GB of memory to containers) you may have to start Kibana first, let it "compile", stop it, start Elasticsearch and then Kibana again.
On machines with Puppet, make sure that Puppet or cron is not running, so that Kibana/Elasticsearch are not started too early.
Here's the source: https://www.elastic.co/guide/en/elasticsearch/reference/master/modules-discovery-bootstrap-cluster.html
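The step that most often goes wrong in this procedure is the one the answer highlights: every entry under cluster.initial_master_nodes must match a node.name exactly, and a typo or case mismatch leaves the cluster unable to bootstrap while Kibana keeps reporting "not ready". The script below is an added example (not from the answer or from Elastic) that reads the two relevant keys out of each node's elasticsearch.yml and reports mismatches before the first launch. It uses a small line-based reader for just those two keys rather than a full YAML parser, so it runs without extra packages; the three config files are constructed inline, one of them with a deliberate case mismatch.

```python
"""Check that cluster.initial_master_nodes agrees with node.name across the
elasticsearch.yml files of a 7.x cluster before its first launch.

Added example. The reader below only understands the two keys it needs
(block-list and inline-list forms); it is not a general YAML parser.
"""


def read_settings(text):
    """Return (node_name, initial_master_nodes) from one elasticsearch.yml."""
    node_name = None
    masters = []
    in_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if in_list and line.lstrip().startswith("- "):
            masters.append(line.split("- ", 1)[1].strip().strip("\"'"))
            continue
        in_list = False
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "node.name":
            node_name = value.strip("\"'")
        elif key == "cluster.initial_master_nodes":
            if value.startswith("["):              # inline form: [a, b, c]
                masters = [v.strip().strip("\"'")
                           for v in value.strip("[]").split(",") if v.strip()]
            else:                                  # block-list form on following lines
                in_list = True
    return node_name, masters


def check_bootstrap(configs):
    """configs: {label: yaml_text}. Returns a list of problems; [] means consistent."""
    problems = []
    names = {}
    master_lists = {}
    for label, text in configs.items():
        node_name, masters = read_settings(text)
        if node_name is None:
            problems.append(f"{label}: node.name is not set")
        names[label] = node_name
        master_lists[label] = masters
    known = {n for n in names.values() if n}
    for label, masters in master_lists.items():
        if not masters:
            problems.append(f"{label}: cluster.initial_master_nodes is not set "
                            "(required on the first launch of a 7.x cluster)")
        for m in masters:
            if m not in known:
                problems.append(f"{label}: initial master {m!r} does not match any "
                                f"node.name {sorted(known)}")
    distinct = {tuple(sorted(m)) for m in master_lists.values() if m}
    if len(distinct) > 1:
        problems.append("cluster.initial_master_nodes differs between nodes; "
                        "use the same list on every master-eligible node")
    return problems


# Constructed sample configs: master-c lists "master-C" (wrong case) instead of master-c.
SAMPLE_CONFIGS = {
    "master-a/elasticsearch.yml": (
        "cluster.name: demo\nnode.name: master-a\n"
        "cluster.initial_master_nodes:\n- master-a\n- master-b\n- master-c\n"),
    "master-b/elasticsearch.yml": (
        "cluster.name: demo\nnode.name: master-b\n"
        "cluster.initial_master_nodes:\n- master-a\n- master-b\n- master-c\n"),
    "master-c/elasticsearch.yml": (
        "cluster.name: demo\nnode.name: master-c  # the third master\n"
        'cluster.initial_master_nodes: ["master-a", "master-b", "master-C"]\n'),
}


def fixed_configs():
    """The same three configs with the case mismatch corrected."""
    fixed = dict(SAMPLE_CONFIGS)
    key = "master-c/elasticsearch.yml"
    fixed[key] = fixed[key].replace("master-C", "master-c")
    return fixed


if __name__ == "__main__":
    for problem in check_bootstrap(SAMPLE_CONFIGS) or ["OK: bootstrap settings are consistent"]:
        print(problem)
```

Point it at real files by building the configs dictionary from open(...).read() on each node's /etc/elasticsearch/elasticsearch.yml (fetched however your configuration management distributes them); an empty result means the names line up and the cluster can form its first master quorum.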

Error When Running Released Version of Kibana (ZeroClipboard)

So I'm running Kibana on a server in the cloud and I'm getting the following error:
Error: Uncaught ReferenceError: ZeroClipboard is not defined (http://.../index.js?_b=6004:89886)
at window.onerror (http://.../index.js?_b=6004:45829:24)
I've googled this and I've only found people talking about this issue on pre-release versions of Kibana. I'm running version 4.0.2 and I get the same issue when I run 4.0.1. Anyone see this before?
Here's a public url to my kibana server: http://52.7.27.45:5601/
UPDATE:
kibana.yml
port: 5601
host: "0.0.0.0"
elasticsearch_url: "http://...:9200"
elasticsearch_preserve_host: true
kibana_index: ".kibana"
default_app_id: "discover"
ping_timeout: 300000
request_timeout: 300000
shard_timeout: 0
verify_ssl: true
Update 2:
I just tried running kibana on the same instance as one of my elasticsearch nodes and I didn't get this error. This seems to be related to running kibana on a host that isn't running an elasticsearch node. Seems crazy to me...
I had a similar problem in the past, and I believe the plugins are not being loaded. In kibana.yml, you should have the following:
# Plugins that are included in the build, and no longer found in the plugins/ folder
bundled_plugin_ids:
- plugins/dashboard/index
- plugins/discover/index
- plugins/doc/index
- plugins/kibana/index
- plugins/markdown_vis/index
- plugins/metric_vis/index
- plugins/settings/index
- plugins/table_vis/index
- plugins/vis_types/index
- plugins/visualize/index
Related: https://github.com/elastic/kibana/issues/2617