I'm seeing errors like this one in the logs of some of my fleet-managed elastic-agents. After doing some testing, it looks like I'm not getting all of the log data that I should be getting. For example, on my Windows Domain Controllers, I have the elastic-agents deployed with a policy that has the IIS, Microsoft, System, and Windows integrations. On the 8th of this month, the agent captured changes made to a security group and I can see them in the index in Kibana as well as the appropriate dashboard. However, changes that were made on the 13th to the same security group are not showing in the index or the dashboard.
Looking at the logs and expanding the range of dates and selecting only the hostname instead of the events, I can see that the data stopped coming in a few hours before the security group change was made.
When I go into Stack Management - Users, there is no fleet-server user in the list for me to add any index management rights on. And, with it working previously, I don't know that I would need to do this.
I'm not finding any other logs that help indicate what may be happening or why the data flow stopped.
Any suggestions on how best to correct this? What would be the best locations to look for logs to track this down?