System_api_version [7] is not supported by system_id beats

Urs_Bronk · May 23, 2019, 10:47am

Hi,

I'm trying to monitor my filebeats on Kibana through elasticsearch.

I get the following error:
system_api_version [7] is not supported by system_id

ERROR pipeline/output.go:121 Failed to publish events: 400 Bad Request: {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"system_api_version [7] is not supported by system_id [beats]"}],"type":"illegal_argument_exception","reason":"system_api_version [7] is not supported by system_id [beats]"},"status":400}

My filebeat.yml

#=========================== Filebeat inputs =============================

filebeat.inputs:

- type: log

  enabled: true
  paths:
- /var/log/pmta/*.csv

  harvester_limit: 20
  scan_frequency: 15s
  ignore_older: 120h
  close_inactive: 5m


#================================ General =====================================

name: everly.mta8.filebeat2
registry_path: /var/lib/filebeat/registry


#================================ Outputs =====================================

#----------------------------- Logstash output --------------------------------
output.logstash:
  hosts: ["remote.everly.com:5044"]
  worker: 16
  bulk_max_size: 4096
  compression_level: 3

  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder-remote.everly.com.crt"]

#================================ Logging =====================================


logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat.log
  keepfiles: 3
  rotateeverybytes: 26214400

#============================== Xpack Monitoring ===============================
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch:
 hosts: ["http://remote.everly.com:9200"]

What can possible be the problem?

shaunak · May 23, 2019, 12:11pm

Hi, two quick questions:

What version of Filebeat are you running?
What version of Elasticsearch is running at http://remote.everly.com:9200?

Thanks,

Shaunak

Urs_Bronk · May 23, 2019, 12:47pm

Filebeat 7.0
Elastic 7.0
Logshash 7.0

shaunak · May 23, 2019, 1:12pm

Hmmm, I just spun up the same versions locally and I'm not able to reproduce this issue. Could you post the output of curl http://remote.everly.com:9200 please?

Urs_Bronk · May 23, 2019, 1:47pm

{
"name" : "m1",
"cluster_name" : "everlytic-cluster-e6",
"cluster_uuid" : "hFw2-Sh3Q-OfWA75iCpVUw",
"version" : {
"number" : "6.7.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "2f32220",
"build_date" : "2019-04-02T15:59:27.961366Z",
"build_snapshot" : false,
"lucene_version" : "7.7.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}

Apologies I see I have 6.7 installed and not 7.0

shaunak · May 23, 2019, 2:03pm

No worries, glad it wasn't something more serious!

Cheers,

Shaunak

system · June 20, 2019, 2:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.