Hi all -
So I've recently got the Elastic Stack setup and running. Decided to go install the Fleet Server, and then install a handful of Elastic-Agents on Windows Server(s) to gather some logs and metrics. From the looks of it, everything is configured properly, yet there are zero logs (aside from the Fleet-server's logs) in Kibana or Security. See below for logs of one of the Elastic-Agents running on Windows Server 2016 (this is from service start to "running configuration"):
{"log.level":"info","@timestamp":"2022-03-01T13:46:21.450Z","log.origin":{"file.name":"application/application.go","file.line":67},"message":"Detecting execution mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:21.455Z","log.origin":{"file.name":"application/application.go","file.line":92},"message":"Agent is managed by Fleet","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:21.456Z","log.origin":{"file.name":"capabilities/capabilities.go","file.line":59},"message":"capabilities file not found in C:\\Program Files\\Elastic\\Agent\\capabilities.yml","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-03-01T13:46:21.456Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":105},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:22.187Z","log.logger":"composable.providers.docker","log.origin":{"file.name":"docker/docker.go","file.line":43},"message":"Docker provider skipped, unable to connect: protocol not available","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:22.192Z","log.origin":{"file.name":"store/state_store.go","file.line":327},"message":"restoring current policy from disk","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:22.229Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is Ijgzcq6_","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:22.229Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 4 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:22.541Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for metricbeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:23.428Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:23-05:00 - message: Application: metricbeat--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:25.122Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for endpoint-security.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:25.126Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:25-05:00 - message: Application: endpoint-security--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:25.632Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for filebeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:25.986Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:25-05:00 - message: Application: filebeat--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:26.323Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for filebeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:26.687Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:26-05:00 - message: Application: filebeat--8.0.0--36643631373035623733363936343635[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.030Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for metricbeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.327Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:27-05:00 - message: Application: metricbeat--8.0.0--36643631373035623733363936343635[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.356Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.439Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is 002rnIFL","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.439Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 3 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.753Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for metricbeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.754Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for metricbeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.810Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.810Z","log.origin":{"file.name":"application/managed_mode.go","file.line":290},"message":"Agent is starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:27.810Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: \\\\.\\pipe\\elastic-agent (configured: npipe:///elastic-agent)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.078Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for filebeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.078Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for filebeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.341Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for filebeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.341Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for filebeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.639Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for metricbeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.639Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for metricbeat.8.0.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:28.646Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:29.428Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:29-05:00 - message: Application: metricbeat--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to CONFIG: Updating configuration - type: 'STATE' - sub_type: 'CONFIG'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:29.940Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:29-05:00 - message: Application: metricbeat--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:32.012Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:32-05:00 - message: Application: filebeat--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:32.453Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:32-05:00 - message: Application: filebeat--8.0.0--36643631373035623733363936343635[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:33.537Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:33-05:00 - message: Application: metricbeat--8.0.0--36643631373035623733363936343635[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-01T13:46:47.240Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-03-01T08:46:47-05:00 - message: Application: endpoint-security--8.0.0[4d4185fb-ccde-4fea-9194-4b49a48958bb]: State changed to RUNNING: Protecting with policy {c35149eb-e6ff-49de-b216-c72007dd6887} - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
Any help would be greatly appreciated!