Metricbeat - unable to retrieve license information from license server no available connection

Elastic Stack Logstash
1

This group has always been helpful and hopefully they can help me again.
We created a new cluster and installed 8.6
We have a 3 nodes cluster for Elasticsearch, 2 Logstash and 2 Kibana.

We completed the configuring in our Elastic cluster and in our kibana. We did a curl and see our 3 ES nodes have the same cluster UUID and it shows as healthy.

We installed Logasth and we installed metricbeat. We don't have metricbeat installed anywhere else yet.
We followed the instructions here:

Our problem is when we run

metricbeat test modules

we get the result:

logstash...
  node...
     error... ERROR timeout waiting for an event
 node_stats...
     error... ERROR timeout waiting for an event.

We don't know if this may have something to do but when we enabled xpack.management.enable: true

We get:

[logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}

But when we do

metricbeat test output

Everything looks good and ok.

Here is the configuration (elasticsearch.yml) of one of my elasticsearch nodes:

cluster.name: main-cluster
node.name: node-01.mydomain.com
path.data: /data
path.logs: /var/log/elasticsearch/
bootstrap.memory_lock: true
network.host: 192.168.0.98
http.port: 9200
discovery.seed_hosts: ["https://node-1.mydomain.com:9200", "https://node-2.mydomain.com:9200", "https://node-3.mydomain.com:9200"]

cluster.initial_master_nodes: ["https://node-1.mydomain.com:9200", "https://node-2.mydomain.com:9200", "https://node-3.mydomain.com:9200"]

# security settings
xpack.security.enabled: true
xpack.security.autoconfiguration.enabled: false
xpack.security.enrollment.enabled: true
# transport ssl
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/node-1.key
xpack.security.transport.ssl.certificate: certs/node-1.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt
## http ssl
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/node-01.key
xpack.security.http.ssl.certificate: certs/node-1.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt

My logstah.yml file looks like this:

node.name: logstash-01.mydomain.com
path.data: /var/lib/logstash

api.enabled: true
api.http.host: "logstash-01.mydomain.com"
api.http.port: 9600-9700

api.ssl.enabled: true
api.ssl.keystore.path: /etc/certs/keystore.jks
api.ssl.keystore.password: "password"

config.reload.automatic: true
config.reload.interval: 3s

log.level: debug
path.logs: /var/log/logstash

xpack.management.enabled: true
#xpack.management.pipeline.id: ["main", "apache_logs"]
xpack.management.Elasticsearch.username: elastic
xpack.management.Elasticsearch.password: password
xpack.management.Elasticsearch.hosts: ["https://node-1.mydomain.com:9200", "https://node-2.mydomain.com:9200", "https://node-3.mydomain.com:9200"]
xpack.management.Elasticsearch.ssl.certificate_authority: [ "/etc/certs/ca.crt" ]
xpack.management.Elasticsearch.ssl.keystore.path: /etc/certs/logstash.jks
xpack.management.Elasticsearch.ssl.keystore.password: password
xpack.management.Elasticsearch.ssl.verification_mode: certificate
xpack.management.Elasticsearch.sniffing: false
xpack.management.logstash.poll_interval: 5s

my metricbeat.yml file

#============================  Config Reloading ===============================

metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.period: 10s
  reload.enabled: true

#======================Elasticsearch Template settings#=========================*
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression


 #===============================Kibana==================================*
setup.kibana:
  host: ["http://kiba-01:5601","http://kiba-02:5601"]
  ssl.verification_mode: "none"

  
#=======================Elasticsearch Output==================================
output.elasticsearch:
  hosts: ["https://node-1.mydomain.com:9200", "https://node-2.mydomain.com:9200", "https://node-3.mydomain.com:9200"]
  protocol: "https"
  username: "elastic"
  password: "password"
  ssl.verification_mode: "none"

#=============================Processors===============================
processors:
 -add_host_metadata: ~

#=============================Logging======
# You had this incorrect logging.level=debug
logging.level: debug
#=============================X-Pack Monitoring==============================
# This self enables monitoring of this beat so you don't need the beats-xpack
monitoring.enabled: true

We enabled the logstash-xpack module

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.17/metricbeat-module-logstash.html

- module: logstash
  xpack.enabled: true
  period: 10s
  hosts: ["logstash-01.mydomain.com:9600"]
  username: "elastic"
  password: "pass"
  ssl.verification_mode: "none"
2

Hi @Mary2022

Apologies, I am a bit confused about what are you trying to accomplish ... are you trying to monitor the performance of Logstash or send metrics data through Logstash or both?

Next part I am unclear on...
These settings are for centralized pipeline management which requires a Commercial (i.e. not Basic / Free) License. Did you have a commercial license?

3

@stephenb I am trying to monitor logtash performance (cpu, memory, pipelines,etc) so I can see it in Kibana under monitoring stack. Yes we have a commercial license.

4

Ok so all this is not needed... this is for centralized pipeline management/configuration if you don't need it comment it out.

With respect to monitoring... there is no username and password as far as I know

- module: logstash
  xpack.enabled: true
  period: 10s
  hosts: ["logstash-01.mydomain.com:9600"]
#  username: "elastic"
#  password: "pass"
  ssl.verification_mode: "none"

Did you run metricbeat setup -e

What do the metricbeat logs show? Is it connecting to logstash?

And when you say it is not working does that mean it does not show up in stack management?

Are you already monitoring the cluster? (I have seen where logstash monitoring does not show up unless its associated cluster is monitored)

5

The error still shows up:

logstash...
  node...
     error... ERROR timeout waiting for an event
 node_stats...
     error... ERROR timeout waiting for an event.

I can't uncomment the xpack.management since I need it for my centralize pipeline. That portion is working.

I commented xpack.monitoring.

I did the changes below and ran metricbeat setup -e .

The logs from metricbeat are not been helpful they are in debug mode and don't move . I see a bunch of .ndjson files

I can't import here all the logs metricbeat shows but here are some of the messages

"message" : "Configuration for module logstash modified because xpack.enabled was set to true"
"message": "Deprecated : Treating the CommonName field on X.509 certificate as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version 8.0
"message": " Starting metricbeatsWrapper [module=logstash, name=node, host=logstash-01.mydomain.com:9600]
"message": " Stopped metricbeatsWrapper [module=logstash, name=node, host=logstash-01.mydomain.com:9600]
"message": " Starting metricbeatsWrapper [module=logstash, name=node, host=logstash-01.mydomain.com:9600]
"message": " Stopped metricbeatsWrapper [module=logstash, name=node_stats, host=logstash-01.mydomain.com:9600]

My logstash.yml configuration looks like this now:

node.name: logstash-01.mydomain.com
path.data: /var/lib/logstash

api.enabled: true
api.http.host: 192.159.23.1
api.http.port: 9600-9700

api.ssl.enabled: true
api.ssl.keystore.path: /etc/certs/keystore.jks
api.ssl.keystore.password: "password"

config.reload.automatic: true
config.reload.interval: 3s

log.level: debug
path.logs: /var/log/logstash

#xpack.monitoring.enabled: false


xpack.management.enabled: true
xpack.management.pipeline.id: ["main", "apache_logs"]
xpack.management.Elasticsearch.username: elastic
xpack.management.Elasticsearch.password: password
xpack.management.Elasticsearch.hosts: ["https://node-1.mydomain.com:9200", "https://node-2.mydomain.com:9200", "https://node-3.mydomain.com:9200"]
xpack.management.Elasticsearch.ssl.certificate_authority: [ "/etc/certs/ca.crt" ]
xpack.management.Elasticsearch.ssl.keystore.path: /etc/certs/logstash.jks
xpack.management.Elasticsearch.ssl.keystore.password: password
xpack.management.Elasticsearch.ssl.verification_mode: certificate
xpack.management.Elasticsearch.sniffing: false
xpack.management.logstash.poll_interval: 5s

My metricbeat.yml file looks like this now:

#============================  Config Reloading ===============================

metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.period: 10s
  reload.enabled: true

#======================Elasticsearch Template settings#=========================*
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression

#=======================Dashboards==================================*
setup.dashboards.enabled: false

 #===============================Kibana==================================*
setup.kibana:
  host: ["https://kiba-01:5601","http://kiba-02:5601"]
  host: ["https://kiba-02:5601"]
  ssl.verification_mode: "certificate"

  
#=======================Elasticsearch Output==================================
output.elasticsearch:
  hosts: ["https://node-1.mydomain.com:9200", "https://node-2.mydomain.com:9200", "https://node-3.mydomain.com:9200"]
  protocol: "https"
  username: "elastic"
  password: "password"
  ssl.verification_mode: "certificate"
  ssl.certificate_authorities: ["certs/CA.crt"]
#=============================Processors===============================
processors:
 -add_host_metadata: ~

#=============================Logging======

logging.level: debug
#=============================X-Pack Monitoring==============================

monitoring.enabled: true

my logstash-xpack.yml module looks like this:

- module: logstash
  xpack.enabled: true
  period: 10s
  hosts: ["https://logstash-01.mydomain.com:9600"]
#  username: "elastic"
#  password: "pass"
  ssl.verification_mode: "certificate"
6

@Mary2022 Thanks for the detials

Cool you are using centralized pipeline management

"message": "Deprecated : Treating the CommonName field on X.509 certificate as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version 8.0
"message": " Starting metricbeatsWrapper [module=logstash, name=node, host=logstash-01.mydomain.com:9600]

Your cert does not match the domain name you are using to access logstash
So you are either going to need to try to set verification to none
Fix your cert
Access using the IP or whatever hostname or IP you used to create the cert

- module: logstash
  xpack.enabled: true
  period: 10s
  hosts: ["https://logstash-01.mydomain.com:9600"]
#  username: "elastic"
#  password: "pass"
  ssl.verification_mode: "certificate" <!--- This is the issue with your cert try "none"

you can see / test by by see what is looking

curl -k -v https://logstash-01.mydomain.com:9600

Show us the output of that...

1 Like
7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.