It looks like logstash is having an issue with the beats tag as I get the following error:
Caused by: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 69
Handling exception: io.netty.handler.codec.DecoderException: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71 (caused by: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71)
I haven't set up filebeat but I know in the past that logstash should still work without filebeat running. Any help would be much appreciated
Those message normally indicate that you have something trying to connect to the port that you configured without using the beats protocol.
Since you said that you haven't set upt filebeat yeat, you probably have something else sending messages to this port in your logstash server using a another protocol, you need to check it with a tcpdump for example.
Generally this means that something that is not speaking the beats protocol is connecting to the input. Amongst the possible causes are:
A beat with SSL enabled connecting to a beat input with SSL disabled
A beat with SSL disabled connecting to a beat input with SSL enabled
A port scanner (on the public internet you can be certain that folks are port scanning you, on a corporate network this may also happen)
Someone else trying to use the same port
In a beat configuration someone uncommented the hosts: line for the logstash output, but left output.logstash commented and output.elasticsearch uncommented, so that the beat starts talking HTTP to the beats input instead of lumberjack
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.