
Filebeat and AWS Elasticsearch - Not Working


First, you need to use the OSS version of filebeat with AWS ES: https://www.elastic.co/downloads/beats/filebeat-oss

Second, AWS ElasticSearch does not provide the GeoIP module, so you will need to edit the pipelines for any of the default modules you want to use, and make sure GeoIP is removed/commented out.

For example, in /usr/share/filebeat/module/system/auth/ingest/pipeline.json (that's the path when installed from the deb package - your path will be different of course) comment out:

    {
        "geoip": {
            "field": "source.ip",
            "target_field": "source.geo",
            "ignore_failure": true
        }
    },

Repeat the same for the apache module.


I've spent hours trying to make the filebeat iis module work with AWS elasticsearch. I kept getting an ingest-geoip error. The below fixed the issue. For Windows IIS logs with AWS elasticsearch, remove geoip from the filebeat module configuration:

C:\Program Files (x86)\filebeat\module\iis\access\ingest\default.json

C:\Program Files (x86)\filebeat\module\iis\access\manifest.yml

C:\Program Files (x86)\filebeat\module\iis\error\ingest\default.json

C:\Program Files (x86)\filebeat\module\iis\error\manifest.yml
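
Both answers above come down to taking every `geoip` processor out of a module's ingest pipeline JSON. The following is an added example, not code from either answer or from Filebeat: it deletes the processor objects, including ones nested under a processor's `on_failure` list, and only handles the JSON pipeline files (not `manifest.yml`). The function names and the sample pipeline are constructed for illustration.

```python
import json

# Constructed sample pipeline, modelled on the snippet quoted in the first answer.
SAMPLE = """{
  "description": "constructed sample pipeline",
  "processors": [
    {"grok": {"field": "message", "patterns": ["%{IP:source.ip}"]}},
    {"geoip": {"field": "source.ip", "target_field": "source.geo", "ignore_failure": true}},
    {"rename": {"field": "a", "target_field": "b",
                "on_failure": [{"geoip": {"field": "source.ip"}}]}}
  ],
  "on_failure": [{"set": {"field": "error.message", "value": "failed"}}]
}"""

def strip_geoip(processors):
    """Return (cleaned_list, removed_count) with every geoip processor dropped."""
    cleaned, removed = [], 0
    for proc in processors:
        # A processor is a single-key object: {"<type>": {options}}
        if not isinstance(proc, dict) or len(proc) != 1:
            cleaned.append(proc)
            continue
        ptype, opts = next(iter(proc.items()))
        if ptype == "geoip":
            removed += 1
            continue
        if isinstance(opts, dict) and isinstance(opts.get("on_failure"), list):
            opts = dict(opts)
            nested, n = strip_geoip(opts["on_failure"])
            removed += n
            if nested:
                opts["on_failure"] = nested
            else:
                del opts["on_failure"]  # avoid leaving an empty handler list behind
        cleaned.append({ptype: opts})
    return cleaned, removed

def clean_pipeline(text):
    """Parse pipeline JSON text; return (new_text, number_of_geoip_removed)."""
    pipeline = json.loads(text)
    total = 0
    for key in ("processors", "on_failure"):
        if isinstance(pipeline.get(key), list):
            pipeline[key], n = strip_geoip(pipeline[key])
            total += n
            if key == "on_failure" and not pipeline[key]:
                del pipeline[key]
    return json.dumps(pipeline, indent=2), total

if __name__ == "__main__":
    new_text, count = clean_pipeline(SAMPLE)
    print(f"removed {count} geoip processor(s)")
    print(new_text)
```

Run it against a copy of the pipeline file first and diff the result before replacing the installed file.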