Hello community,
I'm suffering from an issue and I don't know why it is happening.
I'm using this architecture:
1 - Elasticsearch, Kibana and Fleet on the same server
2 - I'm using elastic agent to collect logs from a remote place
3 - I can enroll the elastic-agent in the fleet, get connected and ingest logs.
After some time the elastic-agent stops sending logs because elasticsearch refuses connections from the elastic-agent. If I reboot the server that the elastic-agent is installed on, I can connect to elasticsearch again and collect these logs.
I don't know why it's happening. Remember, the elasticsearch server is in a remote place. The local elastic agents work normally.
I'm seeing some open and closed connections on the elastic-agent side and I think that the ephemeral ports were used up, but I don't know why.
At first, I ran some tests using a new elasticsearch stack environment with valid SSL certificates because I thought that this was the issue, but the same behavior appeared.
I configured the latency mode in the elasticsearch output configuration in the fleet and the agent took longer before it stopped collecting logs. I made a custom configuration too, but the issue occurs sooner or later.
I was using version 8.13 and afterwards I upgraded to version 8.15, but the issue persists.
I have also configured an nginx to receive connections from the elastic-agent and forward them to elasticsearch, but the same behavior appears.
We have some firewalls in the way, but the firewalls are not blocking or inspecting the traffic.
I don't know what more I can do to solve this issue.
Thanks!