Invalid version of beats protocol


TLS is not enabled on the filebeat or logstash config and im seeing the below error when trying to ingest logs from a fllebeats agent:

[2020-03-16T13:12:20,101][INFO ][][main] [local:, remote:] Handling exception: Invalid version of beats protocol: 71
[2020-03-16T13:12:20,104][WARN ][][main] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.

Another error follows but with Invalid version of beats protocol: 69

Logstash Version: 7.6.1 Tried AmazonLinux and Ubuntu 18.04
Filebeats Version 7.6.1 AmazonLinux & Win2019 (also tried 7.4.0 on AmazonLinux)

Filebeat config:

#----------------------------- Logstash output --------------------------------

The Logstash hosts

hosts: [""]

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

Logstash Config:

input {
beats {
port => 5044

A curl test triggers the same error.

Have also configured TLS, verified certs with openssl and get the same errors with TLS enabled.

Enabled debug logging but it didnt provide any further clues as to the cause of the issue from what i could tell.

Any assistance on this would be greatly appreciated.



I had left the below line in the filebeats.yml file comented so it was trying to communicate using the elasticsearch protocol which is not hashed by default:


Thankyou Andrew_Cholakian for this post:

I now have new errors to resolve :slight_smile:

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.