We are on a 7.14 stack with 7.14 agent running. I'm seeing an error below which I've never seen before. It causes the Agent state to be degraded.
I'm a bit unclear on the capability restriction 'I deny(*)' portion of the error.
Does anyone know what may cause this?
12:33:48.568 elastic_agent [elastic_agent][info] Elastic Agent status changed to: 'online'
12:33:48.568 elastic_agent [elastic_agent][info] input 'endpoint' is not run due to capability restriction 'I deny(*)'
12:33:48.568 elastic_agent [elastic_agent][warn] Elastic Agent status changed to: 'degraded'
12:33:48.573 elastic_agent [elastic_agent][info] New State ID is T4yUJqBY
Default capabilities do not include this, so a capabilities.yml would need to be present for that type of message to appear.
I would check the C:\Program Files\Elastic\Agent directory as well as the C:\Program Files\Elastic\Agent\data\elastic-agent-${version} directory to see if a capabilities.yml is present.
Figured it out, ended up being something pretty simple. The Endpoint integration ended up being added to the Fleet Server policy instead of the Agent policy. Just had to remove the integration from Fleet Server and it went healthy.
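A small log check for the condition discussed in this thread, added here as an example (not posted by any participant and not Elastic's code): it reads agent log lines in the layout quoted above and reports inputs skipped by a capability restriction, together with the last reported agent status. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
12:33:48.568 elastic_agent [elastic_agent][info] Elastic Agent status changed to: 'online'
12:33:48.568 elastic_agent [elastic_agent][info] input 'endpoint' is not run due to capability restriction 'I deny(*)'
12:33:48.568 elastic_agent [elastic_agent][warn] Elastic Agent status changed to: 'degraded'
12:33:48.573 elastic_agent [elastic_agent][info] New State ID is T4yUJqBY
"""

# Assumed layout: "<time> <logger> [<dataset>][<level>] <message>"
LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) \S+ \[[^\]]+\]\[(?P<level>\w+)\] (?P<msg>.*)$")
BLOCKED = re.compile(r"^input '(?P<input>[^']+)' is not run due to capability restriction '(?P<rule>[^']+)'$")
STATUS = re.compile(r"^Elastic Agent status changed to: '(?P<status>[^']+)'$")


def analyze(log_text):
    """Return inputs skipped by a capability restriction and the last agent status."""
    blocked, final_status = [], None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not an agent log line in the expected layout
        hit = BLOCKED.match(line["msg"])
        if hit:
            blocked.append((line["ts"], hit["input"], hit["rule"]))
            continue
        status = STATUS.match(line["msg"])
        if status:
            final_status = status["status"]
    return {"blocked": blocked, "final_status": final_status}


def endpoint_not_running(result):
    """True when the 'endpoint' input was skipped and the last status is not 'online'."""
    skipped = any(name == "endpoint" for _, name, _ in result["blocked"])
    return skipped and result["final_status"] != "online"


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ts, name, rule in report["blocked"]:
        print(f"{ts} input '{name}' skipped by restriction {rule!r}")
    print("final status:", report["final_status"], "| endpoint gap:", endpoint_not_running(report))
```

A hit on the `endpoint` input means the host is enrolled but Endpoint is not running on it, so the check is worth running across collected agent logs rather than waiting for someone to notice a degraded agent in Fleet.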