Filbeat with netflow as input and elastic output for oss elastic 7.6.1

shaikmuzakkir · December 4, 2022, 6:26am

Elastic cluster we have is of open source 7.6.1 version. We need filebeat to have netflow as input and elastic as output to write to our cluster. With filebeat open source, netflow is not enabled as input

ERROR instance/beat.go:971 Exiting: Failed to start crawler: starting input failed: Error while initializing input: Error creating input. No such input type exist: 'netflow'
Exiting: Failed to start crawler: starting input failed: Error while initializing input: Error creating input. No such input type exist: 'netflow'

and with filebeat licensed, it’s looking for /_license endpoint.

Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license from the /_license endpoint, Filebeat requires the default distribution of Elasticsearch. Please make the endpoint accessible to Filebeat so it can verify the license.: could not retrieve the license information from the cluster: 500 Internal Server Error: {"error":{"root_cause":[{"type":"security_exception","reason":"Unexpected exception indices:admin/get"}],"type":"security_exception","reason":"Unexpected exception indices:admin/get"},"status":500}

Could you please let me know what version/edition of filebeat can help read netflow data and write to elastic opensource?

warkolm · December 5, 2022, 12:35am

FYI 7.6 is very much EOL and you should be looking to upgrade as a matter of urgency.

Correct, this is not an open source module.

shaikmuzakkir · December 5, 2022, 10:36am

Hi @warkolm ,

Thanks for your response. Do you know if the non oss version or the licensed version of filebeat can write to opensource elastic? If yes can you please help identify the appropriate version of filebeat that can read from netflow and write to opensource elastic 7 .6.1?

Thanks,
Muzakkir

warkolm · December 5, 2022, 7:56pm

Please see Support Matrix | Elastic.

shaikmuzakkir · December 6, 2022, 7:09am

Hi @warkolm ,

Thanks for the reponsne. I have used filebeat 7.12.x, 7.11.x version of filebeat - beats/filebeat:7.12.1 | Docker @ Elastic to write to elastic oss 7.6.1 but see the error:

Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license from the /_license endpoint, Filebeat requires the default distribution of Elasticsearch. Please make the endpoint accessible to Filebeat so it can verify the license.: could not retrieve the license information from the cluster: 500 Internal Server Error: {"error":{"root_cause":[{"type":"security_exception","reason":"Unexpected exception indices:admin/get"}],"type":"security_exception","reason":"Unexpected exception indices:admin/get"},"status":500}

Can you please let me know how to overcome this issue?

Thanks,
Muzakkir

system · January 3, 2023, 9:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.