Elastic Agent successfully connect to Fleet Server but Elasticsearch did not receive data! bug

Elastic Stack Elastic Agent
1

OS

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:        22.04
Codename:       jammy

install Elastic

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

sudo apt-get update && sudo apt-get install elasticsearch

elasticsearch.yml

network.host: 0.0.0.0
xpack.security.authc.api_key.enabled: true

systemctl restart elasticsearch
image

install Kibana

sudo apt-get update && sudo apt-get install kibana

kibana.yml

server.host: "0.0.0.0"

sudo systemctl start kibana

image
image1079×497 37.2 KB

image

Fleet Server

image
image1065×682 96.2 KB

image
image992×768 111 KB

install server on this host (124.222.18.X)

sudo ./elastic-agent install \
  --fleet-server-es=https://10.0.12.12:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE3MDMzMjUzOTMyNjE6b05TMFBjYTVTRTZ3UjZpN1FiN2N2UQ \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=00c7a760b4ed7747ca7b64e122b2f6ffd230118ccb6981c26121edd3337af0eb \
  --fleet-server-port=8220

---> Elastic Agent has been successfully installed.

image
image1233×629 49.6 KB

image
image1234×647 61.5 KB

Install the agent on my own personal computer(Mac)

image
image1186×670 79 KB

image
image641×672 69.4 KB

sudo ./elastic-agent install --url=https://124.222.18.X:8220 --enrollment-token=aXBraWxvd0JXbk5WVXlibi1DQXM6R1dRWTlUazZSclNybGQ2S0RWdF9qUQ== --insecure

--> Elastic Agent has been successfully installed.

Elasticsearch did not receive data:

image
image1231×317 37.6 KB

image
image1205×636 26.1 KB

image
image1120×682 47.8 KB

image
image1111×684 49.4 KB

image
image1105×722 53.5 KB

image
image
image1202×521 39 KB

still not work:

image
image1224×241 23.5 KB

2

Can you provide any logs from elastic-agent?

I think this is a certificate issue where the cert that ES generated for itself does not match the IP address that the agent is using, we can confirm this with log messages.
If that's the case you will need to create a new cert for ES that lists multiple IPs.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.