Beats plugin

i setup syslog server A, with filebeats and then ELK server B.

stuff gets sent from A to B, and for one moment yesterday appeared to make its way to kibana. I then had lunch and it never worked again!

tcpdump shows all comms from A being reset.

ports and configs look correct (I also built another test setup some time ago and this worked)

do i need to install the beats plugin? if so how can i? keep getting
Validating logstash-input-beats
ERROR: Installation aborted, verification failed for logstash-input-beats

DEBUG: exec /opt/logstash/vendor/jruby/bin/jruby --1.9 -J-XX:+UseParNewGC -J-XX:+UseConcMarkSweepGC -J-Djava.awt.headless=true -J-XX:CMSInitiatingOccupancyFraction=75 -J-XX:+UseCMSInitiatingOccupancyOnly -J-XX:+HeapDumpOnOutOfMemoryError -J-Xmx1g -J-XX:HeapDumpPath=/opt/logstash/heapdump.hprof /opt/logstash/lib/pluginmanager/main.rb install logstash-input-beats
ERROR: File /opt/logstash/Gemfile does not exist or is not writable, aborting

bundle install
Fetching source index from https://rubygems.org/
Resolving dependencies...
Could not find gem 'logstash-core (= 2.2.0) ruby' in the gems available on this machine.

That's no good, what did you have for lunch?

What command are you running when you are getting that error?

ok with logstash 2.1 I did not need to install a beats plugin, I had in my last efforts gone down a path of changing too many things - including going from openjava to oracle!
I still havent tried to install plugins, or that yet but the fix was to not have my beats input declaration on two conf files, causing it to error as i ramped up my efforts. i had been creating multiple plugin conf files on my ELK server to deal with inputs.

So just the one input declared now and it all works (tcpdump was showing it as R before)
Do others change their beats port for the different systems?