Filebeat 1rc1 Windows does not work with Logstash 2

Omar_Al_Zabir · November 17, 2015, 3:04pm

When I configure filebeat on Windows, my Logstash gives the following error:

{:timestamp=>"2015-11-17T14:50:30.766000+0000", :message=>"Beats input: unhandled exception", :exception=>#<RuntimeError: unsupported protocol 72>, :backtrace=>["/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/logstash-input-beats-0.9.6/lib/lumberjack/beats/server.rb:225:in `handle_version'", "/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/logstash-input-beats-0.9.6/lib/lumberjack/beats/server.rb:210:in `header'", "/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/logstash-input-beats-0.9.6/lib/lumberjack/beats/server.rb:163:in `feed'", "/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/logstash-input-beats-0.9.6/lib/lumberjack/beats/server.rb:338:in `read_socket'", "/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/logstash-input-beats-0.9.6/lib/lumberjack/beats/server.rb:315:in `run'", "/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/logstash-input-beats-0.9.6/lib/logstash/inputs/beats.rb:169:in `invoke'", "org/jruby/RubyProc.java:271:in `call'", "/var/logstash-2.0.0/vendor/bundle/jruby/1.9/gems/concurrent-ruby-0.9.1-java/lib/concurrent/executor/executor_service.rb:515:in `run'", "Concurrent$$JavaExecutorService$$Job_1860096801.gen:13:in `run'"], :level=>:error}

However, Filebeat works on Linux. I am using the same config file in both.

filebeat:
  prospectors:
    -
      paths:
       - C:\inetpub\logs\LogFiles\W3SVC14\*

      input_type: log

      fields:
        system: kanboard
        group: webserver

      fields_under_root: false

      document_type: iis

  registry_file: "C:/ProgramData/filebeat/registry"

  config_dir:

output:

  elasticsearch:

    enabled: true

    hosts: ["kibana.com:5044"]

shipper:

  tags: ["filebeat", "iis"]

Here's the config on Linux that works:

filebeat:
  prospectors:
    -
      paths:
        - /var/log/httpd/*access*

      input_type: log

      fields:
        system: kanboard
        group: webserver

      fields_under_root: true

      document_type: apache

  registry_file: .filebeat

  config_dir:

output:

  logstash:
    enabled: true

    hosts: ["kibana.com:5044"]

shipper:

  tags: ["filebeat"]

Omar_Al_Zabir · November 17, 2015, 3:32pm

sorry my bad. I had the elasticsearch configured on the filebeat yml, not logstash. We can close this issue.

ruflin · November 17, 2015, 3:37pm

Ok, glad you got it working.

michaellizhou · November 24, 2015, 2:14am

@Omar_Al_Zabir can you explain? I got the same error.

Thanks

Omar_Al_Zabir · December 8, 2015, 12:40pm

Both logstash and elasticsearch sections were enabled. I had to comment out the elasticsearch part.