'fluentd elasticsearch plugin - The client is unable to verify that the server is Elasticsearch

I want to send some nginx logs from fluentd to elasticsearch , however, fluentd is unable to start due to following error message:

The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product.

[error]: #0 unexpected error error_class=Elasticsearch::UnsupportedProductError error="The client noticed that the server is not Elasticsearch and we do not support this unknown product."

enter image description here

This is my fluentd config :

<source>
  @type tail  
    <parse>    
      @type nginx 
    </parse>  
  path /tmp/lab4/nginx/access.log  
  pos_file /tmp/lab4/nginx/access.po
  tag nginx.access
</source>

<match nginx.**>
 @type elasticsearch
 scheme http
 host 192.168.1.154 
 port 9200 
 with_transporter_log true
 @log_level debug
</match>

If I do a curl http://192.168.1.154:9200 , I can see a response from Elasticsearch with the system version and other info .

For reference I am using :

  • fluentd version 1.14.5
  • fluentd elastic-search-plugin 5.2.0
  • elastic-search 7.12.0

Any idea on what I am doing wrong ?

fluentdefk


Solution 1:[1]

In that snapshot, the elasticsearch client gem version (used by fluent-plugin-elasticsearch) is 8.0.0. You are using ElasticSearch v7.12.0 which is evaluated as unsupported.

See https://github.com/elastic/elasticsearch-ruby/blob/ce84322759ff494764bbd096922faff998342197/elasticsearch/lib/elasticsearch.rb#L110-L119.

So, it looks like you need to install an equivalent supported version.

Solution 2:[2]

for anyone who is facing the issue in docker, the below steps solved the issue for me:

  • need to build the fleutd with the "elasticsearch gem" as per the version of the elasticsearch being used, like below: Dockerfile:
FROM fluent/fluentd
RUN gem install elasticsearch -v 7.6
RUN gem install fluent-plugin-elasticsearch
RUN gem install fluent-plugin-rewrite-tag-filter
RUN gem install fluent-plugin-multi-format-parser
  • Mention the es version in the out plugin of es in fluent.conf:
@type elasticsearch
host 10.10.13.21
port 9200
verify_es_version_at_startup false
default_elasticsearch_version 7

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Azeem
Solution 2 Md Sayfee Ahmed

Related Questions

"curl: (52) Empty reply from server" / timeout when querying ElastiscSearch

Efficient way to retrieve all _ids in ElasticSearch

How to disable SSL verification for Elasticsearch RestClient v6.7.0 in Java

How to watch the logstash log?

elastic search, is it possible to update nested objects without updating the entire document?

ElasticSearch Aggregation over Top Hits

Kibana server is not ready yet

Kibana server is not ready yet

Any way(plugin) to parse kibana query syntax to elasticsearch api body?

Elastic search with Google Big Query

Can not run Elastic Search on ubuntu (Error opening log file)

Is it possible to filter records of one index from another index in elasticsearch query?

Can We Retrieve Previous _source Docs with Elastic Search Versions

Sort multi-bucket aggregation by source fields inside inner multi-bucket aggregation

How to get latest document in elastic search