Hello Elastic community,
I have an issue with elastic-agent debug logging, perhaps you could help me?
Some events are dropped because the mapping changed on logs, but it's impossible for me to find where exactly; I have millions of logs sent hourly and rollover didn't do the trick.
Messages in the elastic-agent logs are always the same:
Cannot index event (status=400): dropping event! Enable debug logs to view the event and cause.
So, I added this to elastic-agent.yml and restarted:
agent.logging.level: debug
agent.logging.metrics.enabled: false
agent.logging.to_files: true
agent.logging.files:
  path: /var/log/elastic-agent
  name: elastic-agent
  keepfiles: 7
  permissions: 0600
fleet:
  enabled: true
The problem is that no debug logs are written to the destination, whereas info or warn logs are.
Whether I add agent.logging.selectors: ["beat", "publish", "service"], or send logs to syslog/stderr, or even launch elastic-agent with the -e -c options, it never works.
Do you have any idea?
My elastic-agent is running on Debian 12.5, version 8.14.1, executing a Custom Logs integration.
Thank you!