2019-03-28T14:12:11.091Z ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(http://ip:9200)): Connection marked as failed because the onConnect callback failed: This Beat requires the default distribution of Elasticsearch. Please upgrade to the default distribution of Elasticsearch from elastic.co, or downgrade to the oss-only distribution of beats
2019-03-28T14:12:11.091Z INFO [publish] pipeline/retry.go:189 retryer: send unwait-signal to consumer
2019-03-28T14:12:11.091Z INFO [publish] pipeline/retry.go:191 done
2019-03-28T14:12:11.091Z INFO [publish] pipeline/retry.go:166 retryer: send wait signal to consumer
2019-03-28T14:12:11.091Z INFO [publish] pipeline/retry.go:168 done
2019-03-28T14:12:11.091Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(http://ip:9200)) with 5 reconnect attempt(s)
2019-03-28T14:12:11.125Z INFO elasticsearch/client.go:739 Attempting to connect to Elasticsearch version 6.7.0
We are having exactly the same problem. All of our Beats stopped sending metrics/logs to Elastic Cloud.
For us the error messages are different though. Here is a part of the error.
ERROR instance/beat.go:907 Exiting: Couldn't connect to any of the configured Elasticsearch hosts. [...] 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] requires authentication","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}}],"type":"security_exception","reason":"action [cluster:monitor/main] requires authentication","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}},"status":401}]
And, I have checked all the authentication credentials. There is nothing different from the previous version. I purged and reinstalled the Beats but it was a no go.
Very similar issue here as well. It seems that 6.7 is badly broken. Filebeat is not pushing anything to Logstash, Metricbeat is pushing info just fine though. And when I try to push the Filebeat modules to Logstash using:
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://192.168.4.130:5044: Get http://192.168.4.130:5044: read tcp 192.168.1.248:40992->192.168.4.130:5044: read: connection reset by peer]
Trying to connect to Logstash via curl:
[user@host] % curl http://my.ip.address:5044
Gives me the error:
curl: (56) Recv failure: Connection reset by peer
Interestingly enough if I run netstat on the Elastic Stack server I can see that port 5044 has connections to it from two of the three systems that are sending logs, but it doesn't look like the logs are getting sent.
Had a heck of a time getting Kibana and Elasticsearch to stay running, a reboot of my Elastic Stack server finally seems to have fixed that issue, but still not shipping logs to Logstash. I really don't want to downgrade to 6.6 as I'm looking forward to a couple of the features in 6.7, but considering that it is unusable at this point I may have to.
I see the same problem since upgrading from 6.6.2 to 6.7.
Connection marked as failed because the onConnect callback failed: This Beat requires the default distribution of Elasticsearch. Please upgrade to the default distribution of Elasticsearch from elastic.co, or downgrade to the oss-only distribution of beats
HTTP/1.1 400 Bad Request
Warning: 299 Elasticsearch-6.7.0-8453f77 "[types removal] The parameter include_type_name should be explicitly specified in get indices requests to prepare for 7.0. In 7.0 include_type_name will default to 'false', which means responses will omit the type name in mapping definitions."
content-type: application/json; charset=UTF-8
content-encoding: gzip
content-length: 167
Analysing further on Github, I think it might be related to this commit that adds licence check:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.