I have an existing 6.2 stack with 2 logstash pipelines sending to elasticsearch - Winlogbeat and Syslog.
I'm trying to add a third pipeline for packetbeat and I can successfully index the output when sent to elasticsearch but not when sent to logstash. When I send to logstash, it crashes with the following logstash errors:
[2018-03-28T16:18:43,553][INFO ][org.logstash.beats.BeatsHandler] [local: 10.192.2.126:5045, remote: 10.192.10.181:52624] Handling exception: org.logstash.b
eats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
[2018-03-28T16:18:43,554][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline.
It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
The packetbeat log shows packetbeat connecting and starting, then after a short time shows loss of the connection.
Any suggestion how to further troubleshoot? Or better idea of how to accomplish my goal? I already tried sending the packetbeat outbeat to the existing logstash beats input for Winlogbeat but the crashing was the same.
