Elastic agent - Fleet x509: certificate signed by unknown authority

The error message is as follows :rofl:
{"log.level":"error","@timestamp":"2020-11-23T15:59:58.735+0800","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://node1.elastic.test.com:9200)): Get "https://node1.elastic.test.com:9200": x509: certificate signed by unknown authority","ecs.version":"1.6.0"}

The Filebeat configuration file in Elastic Agent is as follows:

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["https://node1.elastic.test.com:9200"]

  # Protocol - either http (default) or https.
  protocol: "https"
  ssl.verification_mode: "none"
  ssl.enabled: "true"
  ssl.certificate: "/etc/logstash/certs/logstash/logstash.crt"
  ssl.certificate_authorities: "/etc/logstash/certs/ca/ca.crt"
  ssl.key: "/etc/logstash/certs/logstash/logstash.key"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "8rXntxqQEZ9HLg"

How can I solve it?

Hi, the config looks like you are having Fleet talk to your Logstash instance, based on the certificates configured; that shouldn't be the case.

elastic agent --> fleet server --> elastic is the flow.

The error you are having is due to not having given the correct CA trusted file.
You are most likely using a self-signed cert which isn't natively trusted by the system, and you will have to provide a trusted CA file on enrollment.
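
The trust failure described in the reply above can be reproduced offline with `openssl`. This is an added example, not part of the original thread: the CA names `cluster-ca` and `unrelated-ca` are constructed, every certificate is a throwaway generated on the spot, and only the hostname is taken from the post.

```shell
#!/bin/sh
# Added example: which CA file makes a node certificate verify, and which does not.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA (NAME.crt / NAME.key) in $WORK.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA_NAME CN: create CN.crt in $WORK, signed by CA_NAME.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# chain_ok CA_FILE CERT_FILE: exit status 0 only if CERT_FILE chains to CA_FILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca cluster-ca      # constructed: the CA that signed the Elasticsearch node cert
make_ca unrelated-ca    # constructed: stands in for a wrong CA file
issue_cert cluster-ca node1.elastic.test.com

# The same certificate passes or fails depending only on the CA file supplied.
for ca in cluster-ca unrelated-ca; do
    if chain_ok "$WORK/$ca.crt" "$WORK/node1.elastic.test.com.crt"; then
        echo "$ca: chain verifies"
    else
        echo "$ca: signed by unknown authority"
    fi
done
```

To check a real deployment, call `chain_ok` with the CA file you intend to supply at enrollment and a saved copy of the node's certificate.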