Hi!
I successfully set up a fleet server and 2 more elastic agents on different hosts.
They all show up as "healthy" and seem fine in Kibana.
I recognized after trying a few integrations, that only the Fleet server is able to send data into the data streams (ES is running on same host). After some investigation I found out, that Filebeat/Metricbeat on the other hosts always try to connect to http://localhost:9200, but there is no ES running.
/var/lib/elastic-agent/data/elastic-agent-3c518f/logs/default/filebeat-json.log:
{"log.level":"error","@timestamp":"2022-02-22T16:37:08.593+0100","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"filebeat","network":"tcp","address":"localhost:9200","ecs.version":"1.6.0"}
In the Kibana Fleet Settings the Fleet hosts and Elasticsearch hosts are set properly and NOT localhost.
The "state.yml" directly on the host is the same like the Agent Policy.
Why does the Filebeat/Metricbeat not get the correct config??
Thanks in advance!
Edit: Environment is ES 7.16.2 on RedHat8