I am using the ELK Stack in Version 8.16.1. On the host I have a configured Elastic Agent 8.16.1 managed by Fleet with an integration for F5 logs to act as an HTTP Endpoint. On the F5 side I have configured everything correctly, and when I do a simulation via Postman I get a 200 as a response so this part should work correctly.
I have never worked with the Elastic Agent (EA) before, so maybe I am doing something wrong, and I am very grateful for any help I can get.
So first, I configured the Fleet / EA as HTTP Endpoint with port 8220 and I didn't receive any logs. Then I figured that port 8220 is blocked by Fleet for communicating with the EAs. So with netstat I saw that the Elastic Agents are listening on port 6789 and 6791. I also tried these, and this also did not work, since these ports are only for intercommunication between the agents afaik. So currently I switched back to 8220.
I also found an article saying that I could use 9200, but this is normal HTTP without encryption, so we do not want to use this.
Current errors in elastic-agent logs:
essage":"Healthy","payload":{"streams":{"http_endpoint-f5_bigip.log-d12a622e-00ed-495b-875d-d665af4924c5":{"error":"","status":"STARTING"}}},"status":"HEALTHY","type":"input"}]},
Seems like the stream stays in state STARTING, and I have no clue why. It is the same issue after restarting the Elastic Agent.
Would someone be able to help with this issue? It would be very much appreciated. If more information is needed, like configs, etc., please let me know.