Elastic Cloud Enterprise 3.5
Deployment Version 7.17.8
Elastic Agent Version 7.17.8
Elastic Agent enrollment steps fail to change 'state' file output section url from 443 to 9243
I started going through the Elastic Agent install steps, Fleet --> +Add Agent --> Choose Policy --> Install Elastic Agent on the server, in this case I did it manually and then copied the 'Enroll and start the Elastic Agent' link for Windows. Elastic Agent connected and installed correctly.
Issue/Error Message:
{"log.level":"error","@timestamp":"2022-12-19T15:00:35.186-0500","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://abc.gov:443)): Get "https://abc.gov:443": dial tcp 10.1.1.1:443: connectex: No connection could be made because the target machine actively refused it.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-12-19T15:00:35.186-0500","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":145},"message":"Attempting to reconnect to backoff(elasticsearch(https://abc.gov:443)) with 17 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-12-19T15:00:35.186-0500","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-12-19T15:00:35.186-0500","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":" done","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-12-19T15:00:37.223-0500","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 10.1.1.1:443: connectex: No connection could be made because the target machine actively refused it.","service.name":"metricbeat","network":"tcp","address":"abc.gov:443","ecs.version":"1.6.0"}
I searched through the yaml files in the folder and stumbled on the 'state.yml' file in the C:\Program Files\Elastic\Agent\data\elastic-agent- folder to try and figure out where the 443 was being injected. At the very bottom of this file is the outputs section and sure enough the URL doesnt have the 9243 needed for ECE, instead it had 443. Once that was changed metrics and logs started coming in. Please fix as soon as possible for users.