Hi Ruflin,
Thanks for reply , I have check log data/logs/default/
from client.
filebeat_monitor-json.log
{"log.level":"debug","@timestamp":"2020-11-24T16:07:01.941+0700","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://x.x.x.x:9200\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:07:02.266+0700","log.logger":"input","log.origin":{"file.name":"input/input.go","file.line":139},"message":"Run input","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:07:02.266+0700","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":205},"message":"Start next scan","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:07:02.266+0700","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":439},"message":"Check file for harvesting: C:\\Program Files\\Elastic-Agent\\data\\logs\\elastic-agent-json.log","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:07:02.266+0700","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":530},"message":"Update existing file for harvesting: C:\\Program Files\\Elastic-Agent\\data\\logs\\elastic-agent-json.log, offset: 35280","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:07:02.266+0700","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":582},"message":"Harvester for file is still running: C:\\Program Files\\Elastic-Agent\\data\\logs\\elastic-agent-json.log","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:07:02.266+0700","log.logger":"input","log.origin":{"file.name":"log/input.go","file.line":226},"message":"input states cleaned up. Before: 1, After: 1, Pending: 0","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-11-24T16:07:02.497+0700","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":10437},"total":{"ticks":25827,"time":{"ms":31},"value":25827},"user":{"ticks":15390,"time":{"ms":31}}},"handles":{"open":366},"info":{"ephemeral_id":"0aef9b88-8fa1-48e5-a7d0-6a0435d0ba5f","uptime":{"ms":18753138}},"memstats":{"gc_next":68267152,"memory_alloc":34320256,"memory_total":314236544},"runtime":{"goroutines":64}},"filebeat":{"harvester":{"files":{"675de6c1-bead-4c83-ab59-f6da6237010e":{"size":892}},"open_files":5,"running":3}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":4119,"retry":50}}},"registrar":{"states":{"current":4}}},"ecs.version":"1.5.0"}}
metricbeat-json.log
{"log.level":"debug","@timestamp":"2020-11-24T16:13:35.658+0700","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://x.x.x.x:9200\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-11-24T16:14:02.337+0700","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":7015,"time":{"ms":15}},"total":{"ticks":19983,"time":{"ms":15},"value":19983},"user":{"ticks":12968}},"handles":{"open":471},"info":{"ephemeral_id":"884271c1-677a-4d4b-897c-7eaf398bf5e4","uptime":{"ms":19173657}},"memstats":{"gc_next":57211440,"memory_alloc":28935616,"memory_total":220847824,"rss":20480},"runtime":{"goroutines":76}},"libbeat":{"config":{"module":{"running":10}},"pipeline":{"clients":10,"events":{"active":4126,"retry":50}}}},"ecs.version":"1.5.0"}}
{"log.level":"error","@timestamp":"2020-11-24T16:14:23.544+0700","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://x.x.x.x:9200)): Get \"https://x.x.x.x:9200\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-11-24T16:14:23.544+0700","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://x.x.x.x:9200)) with 436 reconnect attempt(s)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-11-24T16:14:23.544+0700","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":213},"message":"retryer: send wait signal to consumer","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:14:23.544+0700","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":290},"message":"ES Ping(url=https://x.x.x.x:9200)","ecs.version":"1.5.0"}
{"log.level":"info","@timestamp":"2020-11-24T16:14:23.544+0700","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":217},"message":" done","ecs.version":"1.5.0"}
{"log.level":"debug","@timestamp":"2020-11-24T16:14:23.562+0700","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":294},"message":"Ping request failed with: Get \"https://x.x.x.x:9200\": x509: certificate signed by unknown authority","ecs.version":"1.5.0"}
It seems the cause is certificate.