Hi,
I am new to ELK and I have an issue with my Elastic Agents on my Windows servers.
I am working with :
- Elasticsearch / Kibana version 8.4.2
- Elastic-Agent version 8.4.2
I have successfully enroll my Fleet Server (v 8.4.2) and its appears "Healthy" in Kibana.
I have also enroll my Elastic Agent on my Windows VMs with :
.\elastic-agent.exe install --url=https://ip-fleetserver:8220 --enrollment-token=token --certificate-authorities=/path/to/my/ca.crt --fleet-server-es-insecure
The Agents looks "Healthy" for several minutes but then switched to "Unhealthy", then back to "Healthy", then again "Unhealthy", etc...
On my servers the command .\elastic-agent.exe status shows :
Error: failed to communicate with Elastic Agent daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing open \\\\.\\pipe\\elastic-agent-system: Access Denied."
In Kibana, I have severals errors displaying in the Agents Logs details :
> 11:20:59.670 elastic_agent [elastic_agent][error] Elastic Agent status changed to "error": "app filebeat--8.4.3-da9ed2be: 1 error occurred:\n\t* 1 error: Error creating runner from config: Failed to create new event log. 1 error: invalid event ID query component ('')\n\n"
11:20:59.670 elastic_agent [elastic_agent][error] 2022-10-14T11:20:59+02:00 - message: Application: filebeat--8.4.3[57114881-d98a-4338-92ad-2f09dbfe0ce4]: State changed to FAILED: 1 error occurred:
* 1 error: Error creating runner from config: Failed to create new event log. 1 error: invalid event ID query component ('')
- type: 'ERROR' - sub_type: 'FAILED'
11:22:15.065 elastic_agent [elastic_agent][error] filebeat stderr: "2022-10-14 11:22:15.0621931 +0200 CEST m=+0.198472301 write error: error file rotating files reason: time interval: failed on C:\\Program Files\\Elastic\\Agent\\data\\elastic-agent-d3eb3e\\logs\\default\\filebeat-20221014-33.ndjson during rotation: CreateFile C:\\Program Files\\Elastic\\Agent\\data\\elastic-agent-d3eb3e\\logs\\default\\filebeat-20221014-33.ndjson: Access Denied.\n"
I search the troubleshooting guide with no luck, so any help or advice would be appreciated !
Thanks !