Configuring OSS Beats (File/Metric) with opendistro

Open Source Elasticsearch and Kibana
1

Hi - We installed opendistro successfully and tried to do setup for filebeat/metricbeat for Linux & Windows both.

We downloaded right OSS beat packages as per other threads
https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-oss-6.3.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/beats/heartbeat/heartbeat-oss-6.3.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/beats/filebeat/heartbeat-oss-6.3.0-linux-x86_64.tar.gz

ran following command
filebeat setup -e --dashboards --pipelines --template

We tried all versions 7.1.1 to 6.3.0

Error in console →

500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}

Exiting: request checking for ILM availability failed: 500 Internal Server Error: {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”}],“type”:“security_exception”,“reason”:“Unexpected exception indices:admin/get”},“status”:500}

Error in Elastic search -

[2019-08-19T03:37:43,286][WARN ][r.suppressed ] [node-1] path: /_xpack, params: {index=_xpack}
org.elasticsearch.ElasticsearchSecurityException: Unexpected exception indices:admin/get
at com.amazon.opendistroforelasticsearch.security.filter.OpenDistroSecurityFilter.apply0(OpenDistroSecurityFilter.java:274) [opendistro_security-1.1.0.0.jar:1.1.0.0]
at com.amazon.opendistroforelasticsearch.security.filter.OpenDistroSecurityFilter.apply(OpenDistroSecurityFilter.java:119) [opendistro_security-1.1.0.0.jar:1.1.0.0]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:143) [elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:121) [elasticsearch-7.1.1.jar:7.1.1]

Please help!!

1 Like
2

try to add into your winlogbeat configuration:

setup.ilm.enabled: false

also follow version compatibility:

3

Hi - does not help.
I wonder why OSS beat version sends xpack commands?

Anyone has gotten beats to work with opendistro?

4

It’s works well with opendistro.
Did you restart a winlogbeat service after changing config?

5

Thank you. It worked for winlogbeat
But does not work for any of the linux beats - file, audit, heart.
Any thoughts on that?

6

From what I understand this is telling you theres some sort of security enabled. Either xpack has been set up or you have users/passwords setup that are preventing the beat from accessing the indices. Check that any of those settings are set correctly and/or turned off. OSS is interesting because they wont talk to a non-oss stack from what I understand but non-oss beats can talk to an oss stack.

2 Likes
7

Same problem with Linux VMs:
According to this info : Troubleshoot - Open Distro Documentation

image
image960Ă—818 57 KB

Anyone can show some examples of how to play with ssl things how to generate client .pem stuff !?

8

I’m still fighting the same error as you. But I did figure out making a client ssl to point at. Go back to where you configured security guard to generate your nodes and root-ca keys. Add the node you want a certificate for in the yml file. Then type searchguard/tools/sgtlstools.sh -crt -c ./search-guard.yml -t ./certs".
This assumes you have a copy of your root signing key in the directory certs