Newbie to the ELK stack here. However, I was able to get winlogbeat --> Logstash --> Elastic working. I can see winlogbeat data in Kibana, but my logs in Logstash are flooded with warnings... should this be a concern?
winlogbeat.yml:
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: System
  - name: Security

output.logstash:
  enabled: true
  hosts: ["x.x.x.x:5044"]
  index: winlogbeat
logstash has a separate pipeline configured for winlogbeat:
input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => ["x.x.x.x:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
Logstash logs:

[2019-12-20T10:26:49,716][INFO ][org.logstash.beats.BeatsHandler][winlogbeat] [local: X.X.X.X:5044, remote: X.X.X.X:63834] Handling exception: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71
[2019-12-20T10:26:49,716][WARN ][io.netty.channel.DefaultChannelPipeline][winlogbeat] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:38) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:353) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897) [netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.30.Final.jar:4.1.30.Final]
    at java.lang.Thread.run(Unknown Source) [?:1.8.0_231]
Caused by: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71
    at org.logstash.beats.Protocol.version(Protocol.java:22) ~[logstash-input-beats-6.0.3.jar:?]
    at org.logstash.beats.BeatsParser.decode(BeatsParser.java:62) ~[logstash-input-beats-6.0.3.jar:?]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
    ... 8 more
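Editor's note, added after the post and not part of it: the number in "Invalid version of beats protocol: 71" is the first byte the remote side sent, printed as a signed Java byte. A Beats (Lumberjack) frame always begins with the ASCII version character '1' or '2' (49 or 50), so whatever connected to port 5044 here was not a Beat. 71 is ASCII 'G', which is what an HTTP request line such as GET begins with, so the likely source is a scanner, a load-balancer health check, a browser, or some tool pointed at the wrong port. The other value worth knowing is 22 (0x16), the TLS handshake record type, which is what you see when a Beat configured with ssl talks to a beats input without ssl. In both cases the remote address in the BeatsHandler line tells you which host to go and look at; the winlogbeat.yml and pipeline above are fine as posted. The script below is an added example (not Logstash code and not from the poster) that triages these lines: it parses them, recovers the unsigned first byte, classifies it, and counts connections per remote host. The sample log text, the 192.0.2.x/198.51.100.x/203.0.113.x addresses, and all function names are constructed for the example.

```python
"""Triage Logstash 'Invalid version of beats protocol' warnings.

Added example, not part of the original post or of Logstash. It parses the
BeatsHandler log lines shown in the post, recovers the first byte the client
sent (Logstash logs it as a signed Java byte in decimal) and maps it to the
most likely kind of client. SAMPLE_LOG is constructed; the addresses in it are
RFC 5737 documentation ranges, not real hosts.
"""
import re
from collections import Counter
from typing import Dict, List

# Beats (Lumberjack v2) frames start with a version byte: ASCII '1' or '2'.
BEATS_VERSIONS = {ord("1"), ord("2")}
# A TLS record starts with its content type; 0x16 (22) is "handshake",
# i.e. a ClientHello arriving on a plaintext beats input.
TLS_HANDSHAKE = 0x16
# First byte of an HTTP/1.x request line, by method.
HTTP_FIRST_BYTES = {ord(c): m for c, m in (
    ("G", "GET"), ("P", "POST/PUT/PATCH"), ("H", "HEAD"), ("D", "DELETE"),
    ("O", "OPTIONS"), ("C", "CONNECT"), ("T", "TRACE"))}

# Constructed sample, modelled on the line in the post (placeholder hosts).
SAMPLE_LOG = """\
[2019-12-20T10:26:49,716][INFO ][org.logstash.beats.BeatsHandler][winlogbeat] [local: 192.0.2.5:5044, remote: 192.0.2.10:63834] Handling exception: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71
[2019-12-20T10:26:49,716][WARN ][io.netty.channel.DefaultChannelPipeline][winlogbeat] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
[2019-12-20T10:27:03,002][INFO ][org.logstash.beats.BeatsHandler][winlogbeat] [local: 192.0.2.5:5044, remote: 192.0.2.10:63901] Handling exception: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 71
[2019-12-20T10:27:15,410][INFO ][org.logstash.beats.BeatsHandler][winlogbeat] [local: 192.0.2.5:5044, remote: 198.51.100.7:51222] Handling exception: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 22
[2019-12-20T10:27:31,088][INFO ][org.logstash.beats.BeatsHandler][winlogbeat] [local: 192.0.2.5:5044, remote: 203.0.113.9:40100] Handling exception: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: -128
"""

LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[org\.logstash\.beats\.BeatsHandler\]"
    r"(?:\[(?P<pipeline>[^\]]*)\])?\s*\[local: (?P<local>[^,]+), remote: (?P<remote>[^\]]+)\]"
    r" Handling exception: org\.logstash\.beats\.InvalidFrameProtocolException:"
    r" Invalid version of beats protocol: (?P<byte>-?\d+)"
)


def unsigned_byte(value: int) -> int:
    """Java prints a byte as a signed value (-128..127); recover 0..255."""
    return value % 256


def classify_first_byte(b: int) -> str:
    """Map the first byte a client sent to the protocol it most likely speaks."""
    b = unsigned_byte(b)
    if b in BEATS_VERSIONS:
        return "beats frame (valid version byte)"
    if b == TLS_HANDSHAKE:
        return "TLS ClientHello: client uses ssl, this input does not"
    if b in HTTP_FIRST_BYTES:
        return f"HTTP request ({HTTP_FIRST_BYTES[b]}...): not a Beat, check the source"
    return "unknown protocol: not a Beat, check the source"


def parse_warnings(log_text: str) -> List[Dict[str, object]]:
    """Extract one record per InvalidFrameProtocolException BeatsHandler line.

    Netty's follow-up WARN lines and the stack trace are ignored: they carry
    no information that the BeatsHandler line does not already have.
    """
    records = []
    for m in LINE_RE.finditer(log_text):
        b = unsigned_byte(int(m.group("byte")))
        records.append({
            "timestamp": m.group("ts"),
            "pipeline": m.group("pipeline") or "",
            "remote": m.group("remote"),
            "remote_host": m.group("remote").rsplit(":", 1)[0],
            "byte": b,
            "char": chr(b) if 32 <= b < 127 else "",
            "diagnosis": classify_first_byte(b),
        })
    return records


def offenders(log_text: str) -> Dict[str, int]:
    """Count bad connections per remote host, so you know whom to look at."""
    return dict(Counter(r["remote_host"] for r in parse_warnings(log_text)))


if __name__ == "__main__":
    for r in parse_warnings(SAMPLE_LOG):
        print(f"{r['timestamp']} {r['remote']:<22} byte={r['byte']:<3} "
              f"{r['char']!r:<4} {r['diagnosis']}")
    print("connections per remote host:", offenders(SAMPLE_LOG))
```

Run it against your real Logstash log instead of SAMPLE_LOG (for example `parse_warnings(open("/var/log/logstash/logstash-plain.log").read())`) and the remote_host counts tell you whether the traffic is one misconfigured box or many scanning sources. The value 71 on its own is not data loss (the connection is dropped before any event is read, and Winlogbeat's own connections evidently succeed, since the data reaches Kibana), but a port that only Beats should reach is receiving other clients, which is worth a firewall rule and, if the hosts are not yours, a look at who they are.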