Elasticsearch source is too old

I have a test instance running filebeat and attempting to ship the logs to Cribl using the Cribl Elasticsearch API source. The problem I’m running into is that Filebeat 8.2.3 says that the upstream Elasticsearch is too old, and won’t support onConnect Callback. See the log below:

{"log.level":"error","@timestamp":"2022-06-27T18:06:44.767Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://cribl-worker:9200)): Connection marked as failed because the onConnect callback failed: Elasticsearch 6.8.4 does not support ILM","service.name":"filebeat","ecs.version":"1.6.0"}

Anyone know how we can get filebeat to talk to the Elasticsearch API source in Cribl?

You have to disable ILM with the latest Beats software:

setup.ilm.enabled: false

It helps to read :laughing:. I didn’t see it in the code snippet, so I totally missed it. Thanks for pointing that out!

1 UpGoat