@sharon92 and @grad you are likely using Beats modules that are licensed under the Elastic X-Pack license, rather than Apache 2. Since Beats cannot get an X-Pack license for these “features” when it checks Elasticsearch, it throws the error you are seeing. You will need to either disable use of these modules, or use the OSS versions of Beats.
Some of the modules licensed under X-Pack include Netflow, Suricata and others. If you are interested in solutions for these kinds of data - MUCH better solutions actually - take a look at…
ElastiFlow - for Netflow, IPFIX and sFlow
(Elastic based the Logstash Netflow Module on ElastiFlow 1.0.0)
synesis_lite_syslog - Syslog Collection
synesis_lite_suricata - Suricata EVE JSON Logs
synesis_lite_snort - Snort fast alert Logs
ElastiFlow and the Syslog solutions have been updated for Elastic Stack 7.x, and the other two will be updated within the next couple of weeks. I am also working on a similar solution for Zeek (formerly Bro).
Once Open Distro moves to a 7.x base I will test to ensure everything works well with it. I have also been toying with the idea of combining at least the Zeek, Suricata and Snort efforts, along with perhaps an adapted version of ElastiFlow, together into a single threat hunting solution - and basing the whole thing on Open Distro.