Filebeat connection issue

Hi,
I am getting below error with file beat setup
sudo filebeat setup gives

“Exiting: 1 error: Error checking if xpack is available: 500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}”
appreciate if someone can assist

filebeat.yml has this set but its not helping
xpack.monitoring.enabled: false

Elastic Search and Kibana are running but i need to send events using filebeat to ES and display in Kibana.
appreciate if someone can assist

Thanks,
KK

Can you share your filebeat.yml file?

Looks like you are not using the OSS version of Beats which does not have the X-Pack flags. They recently added checks that will not allow the commercially licensed agents/clients communicate with OSS versions of Elasticsearch. I suspect a lot of folks will run into this one.

Make sure you are using this download: Download Filebeat - OSS • Lightweight Log Analysis | Elastic
Not this download: Download Filebeat • Lightweight Log Analysis | Elastic

hi,
Thanks for the reply i am now using filebeat-oss-7.0.0-x86_64.rpm when i do
sudo filebeat setup i still get an error which is

Blockquote
Exiting: 3 errors: Error checking if xpack is available: 500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}; Error checking if xpack is available: 500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}; Error checking if xpack is available: 500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}

so its still not working not sure why
appreciate your help, someone should have got this working for sure so its a puzzle this is not working.

finally this helped
sudo filebeat setup -e --dashboards --pipelines --template

its working
I have just started a long way to go but thanks heaps for your help @carlmead otherwise i would have been stuck for ages

Can anyone share their filebeat configuration please?

I face the same issue even with filebeat oss. Why is it checking for _xpack

Setup:
Centos:
ES 7.6.1 OSS with Opendistro security enabled
File beat https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.6.1-linux-x86_64.tar.gz

when i enter ./filebeat setup i get the below errors in filebeat and es

filebeat:
Overwriting ILM policy is disabled. Set setup.ilm.overwrite:true for enabling.

Exiting: request checking for ILM availability failed: 500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}

ES:
[2020-08-27T06:11:35,725][INFO ][o.e.c.m.MetaDataMappingService] [node-1] [security-auditlog-2020.08.27/V8TPJbm9T-asyg2hDJRksg] update_mapping [_doc]
[2020-08-27T06:13:07,123][ERROR][c.a.o.s.f.OpenDistroSecurityFilter] [node-1] Unexpected exception [_xpack] InvalidIndexNameException[Invalid index name [xpack], must not start with ''.]
org.elasticsearch.indices.InvalidIndexNameException: Invalid index name [xpack], must not start with ''.

Same issue when i try
./filebeat setup -e --dashboards --pipelines --template

for others who face the same issue: set

setup.ilm.enabled: false

in filebeat.yml then it would work