Error with fiebeat

[Aravind Krish]

Hello, I am getting below error in wazuh-manager and worker pods"2021-06-03T09:06:18.351Z        ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://wazuh-elasticsearch-0.wazuh-elasticsearch:9200)): Connection marked as failed because the onConnect callback failed: Filebeat requires the default distribution of Elasticsearch. Please update to the default distribution of Elasticsearch for full access to all free features, or switch to the OSS distribution of Filebeat."Can you help to fix this? I thought that the URL to cluster IP of elasticsearch is having issue, and I tried to change it in the manifest env. When I do kubectl describe, I can the see the IP's are taking effect. But the filebeat.ym is still having the URL in the error I mentioned. Any help to fix this.

Regards,

Aravind

[Robin Costas]

Hello Aravind,

It seems like the problem is related to a version mismatch between Filebeat and Elasticsearch. Since the release of X-Pack, Elasticsearch now has two types of releases for their products, an OSS version, and an X-Pack version.

Your Filebeat is non-OSS and you Elasticsearch is OSS you you have tow options:

• Change the Filebeat version to OSS (filebeat-oss download page).
• Change the Elasticsearch version to the licensed one (elasticsearch download page).

Check the Support Matrix to see which version to choose.

Best regards,

Robin.