I installed an agent on a virtual machine to collect PostgreSQL logs through integration. The log paths are correct, and everything seems to be healthy.
However, the logs are not being sent to ELK, and no data stream is being created.
diagnostic file isn't generating
What is the output of this policy?
Check if the VM can connect to the output, from what you described your agent cannot reach the configured output.
The healthy of the agent is only relative to the Fleet Server and if the integrations are running without issue, it does not take into consideration the communicaton from the agent to the configured output.
For example, if your output is Elasticsearch and your agent cannot reach Elasticsearch, but can reach the Fleet Server, it will appear as healthy, but you will have no data (also will not be able to get a diagnostic remotely).
You will need to check the log file directly in the server.
Yes, the output shows the internal elasticsearch URL, how to change it when or after installing an agent?
outputs:
default:
api_key: <REDACTED>
hosts:
- https://elasticsearch-es-http:9200
preset: balanced
type: elasticsearch
Is this output accessible to the agent?
If not you need to edit it Fleet Settings and configure it to the endpoint that it is accessible to the agent.
You can edit it in the Settings tab in the Fleet page.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.