"Could not retrieve remote IP address for beats input."
I see this warning regularly. (even though the comment says it should never happen)
My setup is 6.0.0-rc1
beats are running on a remote server in docker containers.
ELK stack is deployed with this docker-compose repo:
decomposed/elk
It uses the official elastic docker images.
Any advice how to troubleshoot this error message?
More details:
In bursts of less than 0.1 seconds, I get around 30 of these errors:
[2017-10-23T14:59:17,540][WARN ][logstash.inputs.beats ] Could not retrieve remote IP address for beats input.
... 30 more...
[2017-10-23T14:59:17,549][WARN ][logstash.inputs.beats ] Could not retrieve remote IP address for beats input.
There are 3 events that were stashed at 14:59:17.019 - one ajax request (got a 200) and two gitlab runner requests (got 204s) All three have remote_ip fields with valid ips (one is a 172 address from another docker container on the same box)
Again I ask for help to troubleshoot/investigate, as the error does not explicitly tie itself to a specific request...
After updating to version 6 of the ELK stack I've had similar issues, along with documents not being able to be indexed because they have 2 document types (this seems to be related to old plugins not having been properly updated).
Have you found any fix for this?
Both errors happen for me too
[2017-11-16T13:38:41,327][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"filebeat-2017.11.15", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x3f81832e>], :response=>{"index"=>{"_index"=>"filebeat-2017.11.15", "_type"=>"doc", "_id"=>"uH7WxF8BDa1ley8Gmc9y", "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"Rejecting mapping update to [filebeat-2017.11.15] as the final mapping would have more than 1 type: [log, doc]"}}}}
[2017-11-16T13:38:41,328][WARN ][logstash.inputs.beats ] Could not retrieve remote IP address for beats input.Same issue opened a ticket here: https://github.com/logstash-plugins/logstash-input-beats/issues/269
Going to: vim /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.2-java/lib/logstash/inputs/beats/message_listener.rb
And deleting:
begin
hash.get("@metadata").put("ip_address", ctx.channel().remoteAddress().getAddress().getHostAddress())
rescue #should never happen, but don't allow an error here to stop beats input
input.logger.warn("Could not retrieve remote IP address for beats input.")
end
Fixes the issue.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.