Fleet Policy different IP from the server

otortosa · July 5, 2024, 6:58am

Hello guys!

My Fleet server have a private IP, but i need to recolect logs from a VM with only public IP, working with a PFSense, created a Port Forwarder to the Fleet Server private IP.

The issue is that the Fleet Agent enrollment works fine, but in the moment to recolect logs, Fleet Agent tries to send the logs to the private IP that is unreachable to him.

Actions: error validating Fleet client config: validating fleet client config: fail to communicate with Fleet Server API client hosts: all hosts failed: 1 error occurred: * requester 0/1 to host https://10.2.x.x:8220/ errored: Get "https://10.2.x.x:8220/api/status?": context deadline exceeded

How can I create an Agent policy that configures Public IP?
Or I have to configure the host as a standalone host.

Counting on your replies.

Thanks in advance!

otortosa · July 5, 2024, 7:22am

From Kibana to Elastic Agent

leandrojmp · July 5, 2024, 1:16pm

On the hosts urls of your fleet server host you will need to add the public endpoint so the agent will also try to checkin with fleet using the public endpoint.

So, you need to edit your Fleet Host server to add it.

You will probably need to reenroll your agent for it to get the new settings as it currently cannot communicate with the fleet server to get the updated policy.

otortosa · July 8, 2024, 9:44am

Good Morning Leandro,

Thanks for the reply.

Now I added the Public IP to the Fleet Server and reroll the agent.
This is the current error, Actions: error validating Fleet client config: validating fleet client config: fail to communicate with Fleet Server API client hosts: all hosts failed: 2 errors occurred: * requester 0/2 to host https://privateIP:8220/ errored: Get "https://privateIP:8220/api/status?": context deadline exceeded * requester 1/2 to host https://publicIP:8220/ errored: Get "https://publicIP:8220/api/status?": context deadline exceeded.

After a few minutes the state changed from Unhealthy to Healthy but still no logs received. Used the same Agent Policy that I use in several hosts.

How can I fix this?

Thanks in advance!

Kind regards,

leandrojmp · July 8, 2024, 12:27pm

Did you add the public endpoint for your elasticsearch in the Elasticsearch output configuration as well?

You need to have both a public endpoint for Fleet and for Elasticsearch.

This is expected, since it cannot connect on the private IP, it will try the public IP, which worked since you said it changed from Unhealthy to Healthy.

otortosa · July 17, 2024, 3:08pm

Hello Leandro!

Yes, the Agent changed to Healthy, but no logs received to the Server.

Im checking the Fleet Settings and observed that my Elasticsearch Output only have private IP, couldn't edit to add the public as done on my Fleet Server.

The red mark is where my Public IP. As you see the default Output is blocked, tried to add a new one but how can i say to my Agent to use this Elastic Output?

Thanks in advance!

Kind regards,

leandrojmp · July 17, 2024, 3:16pm

Did you add this output in kibana.yml? Not sure why this would be locked besides being configured in kibana.yml.

Can you share your kibana.yml file?

otortosa · July 18, 2024, 6:46am

Morning Leandro,

You mean that I need to add the new IP here?
elasticsearch.hosts: ['https://10.5.35.19:9200']
Like this? elasticsearch.hosts: ['https://10.5.35.19:9200', 'https://publicip:9200']

Kind regards,

otortosa · July 18, 2024, 7:33am

Hello Leandro,

After adding the IP in xpack.fleet.outputs, its showed on my Kibana.

But I added the host and still no logs received.

Waiting for initial configuration and composable variables

There is another config that I still missing?

Thanks!

leandrojmp · July 18, 2024, 12:26pm

I don't think so. Is the host healthy on fleet? Do you still get this message? Sometimes it take a couple of minutes for the agent to start collecting data.

If you still do not get any data you need to troubleshoot the connectivity between the agent and your endpoint.

If the Agent is Healthy you can also get the logs from it in the Diagnostics tab in Fleet.

otortosa · July 18, 2024, 2:01pm

This is the current situation after 5 hours.

Tried to do it in the Diagnostics tab, downloaded the logs.
I think my agent is still trying to send the data to the Private IP.

How can I do to tell my Agent send the logs to the Public IP?

leandrojmp · July 18, 2024, 3:09pm

Please share the logs, it will show up the errors the agent is receiving and the exact IP it is trying to send.

otortosa · July 19, 2024, 12:55pm

Hello Leandro,

This is the logs, after checking seems still trying by private IP.

{"log.level":"info","@timestamp":"2024-07-18T07:25:27.853Z","log.origin":{"file.name":"cmd/run.go","file.line":183},"message":"Elastic Agent started","log":{"source":"elastic-agent"},"process.pid":456522,"agent.version":"8.14.3","agent.unprivileged":false,"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.088Z","log.origin":{"file.name":"upgrade/rollback.go","file.line":156},"message":"Starting upgrade watcher","log":{"source":"elastic-agent"},"path":"/opt/Elastic/Agent/elastic-agent","args":["/opt/Elastic/Agent/elastic-agent","watch","--path.config","/opt/Elastic/Agent","--path.home","/opt/Elastic/Agent"],"env":[],"dir":"","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.089Z","log.origin":{"file.name":"upgrade/rollback.go","file.line":163},"message":"Upgrade Watcher invoked","log":{"source":"elastic-agent"},"agent.upgrade.watcher.process.pid":456551,"agent.process.pid":456522,"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.089Z","log.origin":{"file.name":"upgrade/rollback.go","file.line":151},"message":"releasing watcher 456551","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.089Z","log.origin":{"file.name":"cmd/run.go","file.line":267},"message":"APM instrumentation disabled","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.090Z","log.origin":{"file.name":"application/application.go","file.line":65},"message":"Gathered system information","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.116Z","log.origin":{"file.name":"application/application.go","file.line":71},"message":"Detected available inputs and outputs","log":{"source":"elastic-agent"},"inputs":["aws/metrics","mssql/metrics","syncgateway/metrics","http/metrics","traefik/metrics","pf-elastic-collector","aws-cloudwatch","mqtt","o365audit","redis","websocket","jolokia/metrics","aws-s3","azure-eventhub","lumberjack","containerd/metrics","etw","journald","kafka","netflow","syslog","kubernetes/metrics","azure-blob-storage","docker","entity-analytics","udp","synthetics/tcp","docker/metrics","cloudbeat/cis_eks","winlog","kafka/metrics","cloudbeat/cis_gcp","apm","log","linux/metrics","uwsgi/metrics","azure/metrics","apache/metrics","etcd/metrics","stan/metrics","endpoint","cloudbeat/cis_k8s","enterprisesearch/metrics","cloudfoundry/metrics","gcp/metrics","iis/metrics","rabbitmq/metrics","vsphere/metrics","zookeeper/metrics","audit/system","gcs","system/metrics","awsfargate/metrics","prometheus/metrics","audit/auditd","audit/file_integrity","httpjson","synthetics/browser","synthetics/http","nats/metrics","nginx/metrics","fleet-server","packet","pf-host-agent","http_endpoint","salesforce","synthetics/icmp","postgresql/metrics","redis/metrics","windows/metrics","cloudbeat/cis_aws","elasticsearch/metrics","kibana/metrics","mongodb/metrics","oracle/metrics","cloudfoundry","tcp","unix","activemq/metrics","memcached/metrics","osquery","cloudbeat/cis_azure","cometd","container","filestream","beat/metrics","mysql/metrics","pf-elastic-symbolizer","gcp-pubsub","sql/metrics","cloudbeat","cel","logstash/metrics","haproxy/metrics","statsd/metrics","cloudbeat/vuln_mgmt_aws"],"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.116Z","log.origin":{"file.name":"capabilities/capabilities.go","file.line":48},"message":"Capabilities file not found in /opt/Elastic/Agent/capabilities.yml","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:28.116Z","log.origin":{"commit":"71819961045386b23edc18455f1b54764292816c","libbeat":"8.14.3","time":"2024-07-08T22:09:30.000Z","version":"8.14.3"},"ecs.version":"1.6.0"},"log.logger":"beat","log.origin":{"file.line":1379,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.593Z","message":"Go runtime info","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"beat","log.origin":{"file.line":1382,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"},"service.name":"filebeat","system_info":{"ecs.version":"1.6.0","go":{"arch":"amd64","max_procs":8,"os":"linux","version":"go1.21.12"}},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.594Z","message":"Host info","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","system_info":{"ecs.version":"1.6.0","host":{"architecture":"x86_64","boot_time":"2024-07-10T14:34:31+02:00","containerized":false,"id":"7a2e0439083778837fe0d1a55c0a3c6a","ip":["127.0.0.1","::1","185.35.140.179","fe80::250:56ff:fe98:fc4b"],"kernel_version":"5.4.0-187-generic","mac":["00:50:56:98:fc:4b"],"name":"spd-afx-lnd-int-pro-01","native_architecture":"amd64","os":{"codename":"focal","family":"debian","major":20,"minor":4,"name":"Ubuntu","patch":6,"platform":"ubuntu","type":"linux","version":"20.04.6 LTS (Focal Fossa)"},"timezone":"CEST","timezone_offset_sec":7200}},"log.logger":"beat","log.origin":{"file.line":1388,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.594Z","message":"Process info","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"beat","log.origin":{"file.line":1417,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"},"service.name":"filebeat","system_info":{"ecs.version":"1.6.0","process":{"capabilities":{"ambient":null,"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"]},"cwd":"/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/run/filestream-monitoring","exe":"/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/components/agentbeat","name":"agentbeat","pid":456577,"ppid":456522,"seccomp":{"mode":"filter","no_new_privs":true},"start_time":"2024-07-18T09:25:29.320+0200"}},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.594Z","message":"Setup Beat: filebeat; Version: 8.14.3","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":339,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.595Z","message":"Output is configured through Central Management","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":371,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.597Z","message":"Beat name: SPD-AFX-LND-INT-PRO-01","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"publisher","log.origin":{"file.line":105,"file.name":"pipeline/module.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.LoadWithSettings"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.597Z","message":"Enabled modules/filesets: ","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"ecs.version":"1.6.0","log.logger":"modules","log.origin":{"file.line":136,"file.name":"fileset/modules.go","function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.597Z","message":"Starting metrics logging every 30s","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"monitoring","log.origin":{"file.line":145,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).snapshotLoop"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.598Z","message":"filebeat start running.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":525,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.600Z","message":"Finished loading transaction log file for '/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/run/filestream-monitoring/registry/filebeat'. Active transaction id=0","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":134,"file.name":"memlog/store.go","function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-07-18T07:25:29.600Z","message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"ecs.version":"1.6.0","log.origin":{"file.line":331,"file.name":"beater/filebeat.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.600Z","message":"creating new InputManager","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"input","log.origin":{"file.line":55,"file.name":"shipper/input.go","function":"github.com/elastic/beats/v7/x-pack/filebeat/input/shipper.NewInputManager"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.600Z","message":"States Loaded from registrar: 0","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"registrar","log.origin":{"file.line":107,"file.name":"registrar/registrar.go","function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).loadStates"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.600Z","message":"Loading Inputs: 0","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":71,"file.name":"beater/crawler.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Start"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"crawler","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.600Z","message":"Loading and starting Inputs completed. Enabled inputs: 0","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"crawler","log.origin":{"file.line":106,"file.name":"beater/crawler.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Start"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.612Z","log.logger":"component.runtime.filestream-monitoring","log.origin":{"file.name":"runtime/manager.go","file.line":690},"message":"control checkin v2 protocol has chunking enabled","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.612Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":606},"message":"Component state changed filestream-monitoring (STARTING->HEALTHY): Healthy: communicating with pid '456577'","log":{"source":"elastic-agent"},"component":{"id":"filestream-monitoring","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.614Z","message":"BeatV2Manager.unitListen UnitChanged.ID(filestream-monitoring-filestream-monitoring-agent), UnitChanged.Type(added), UnitChanged.Trigger(4): added/feature_change_triggered","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":488,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.(*BeatV2Manager).unitListen"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"centralmgmt.V2-manager","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.614Z","message":"BeatV2Manager.unitListen UnitChanged.ID(filestream-monitoring), UnitChanged.Type(added), UnitChanged.Trigger(4): added/feature_change_triggered","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"centralmgmt.V2-manager","log.origin":{"file.line":488,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.(*BeatV2Manager).unitListen"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.968Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":586},"message":"Spawned new component beat/metrics-monitoring: Starting: spawned pid '456590'","log":{"source":"elastic-agent"},"component":{"id":"beat/metrics-monitoring","state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.969Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":593},"message":"Spawned new unit beat/metrics-monitoring: Starting: spawned pid '456590'","log":{"source":"elastic-agent"},"component":{"id":"beat/metrics-monitoring","state":"STARTING"},"unit":{"id":"beat/metrics-monitoring","type":"output","state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:29.969Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":593},"message":"Spawned new unit beat/metrics-monitoring-metrics-monitoring-beats: Starting: spawned pid '456590'","log":{"source":"elastic-agent"},"component":{"id":"beat/metrics-monitoring","state":"STARTING"},"unit":{"id":"beat/metrics-monitoring-metrics-monitoring-beats","type":"input","state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.131Z","message":"Home path: [/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/components] Config path: [/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/components] Data path: [/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/run/beat/metrics-monitoring] Logs path: [/opt/Elastic/Agent/data/elastic-agent-8.14.3-2df2c1/components/logs]","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"log.origin":{"file.line":816,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.149Z","message":"Applying performance preset 'balanced': {\n  \"bulk_max_size\": 1600,\n  \"compression_level\": 1,\n  \"idle_connection_timeout\": \"3s\",\n  \"queue\": {\n    \"mem\": {\n      \"events\": 3200,\n      \"flush\": {\n        \"min_events\": 1600,\n        \"timeout\": \"10s\"\n      }\n    }\n  },\n  \"worker\": 1\n}","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"elasticsearch","log.origin":{"file.line":63,"file.name":"elasticsearch/elasticsearch.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-07-18T07:25:30.149Z","message":"Performance preset 'balanced' overrides user setting for field 'bulk_max_size'","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"elasticsearch","log.origin":{"file.line":66,"file.name":"elasticsearch/elasticsearch.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.149Z","message":"elasticsearch url: http://127.0.0.1:9200","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"esclientleg","log.origin":{"file.line":122,"file.name":"eslegclient/connection.go","function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.150Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":624},"message":"Unit state changed system/metrics-default (STARTING->HEALTHY): Healthy","log":{"source":"elastic-agent"},"component":{"id":"system/metrics-default","state":"HEALTHY"},"unit":{"id":"system/metrics-default","type":"output","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.150Z","message":"initializing HostFS values under agent: /","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":57,"file.name":"sysinit/init.go","function":"github.com/elastic/beats/v7/metricbeat/internal/sysinit.InitSystemModule"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.150Z","message":"got DiagnosticSetup request for system/cpu","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"system.cpu","log.origin":{"file.line":106,"file.name":"cpu/cpu.go","function":"github.com/elastic/beats/v7/metricbeat/module/system/cpu.(*MetricSet).Diagnostics"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"registering callback with cpu-stat","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"centralmgmt.V2-manager.diagnostic-manager","log.origin":{"file.line":44,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.diagnosticHandler.Register"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"registering callback with cpu-cpuinfo","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":44,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.diagnosticHandler.Register"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"centralmgmt.V2-manager.diagnostic-manager","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"initializing HostFS values under agent: /","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"ecs.version":"1.6.0","log.origin":{"file.line":57,"file.name":"sysinit/init.go","function":"github.com/elastic/beats/v7/metricbeat/internal/sysinit.InitSystemModule"},"service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"got DiagnosticSetup request for system/memory","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"system.memory","log.origin":{"file.line":76,"file.name":"memory/memory.go","function":"github.com/elastic/beats/v7/metricbeat/module/system/memory.(*MetricSet).Diagnostics"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"registering callback with memory-meminfo","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":44,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.diagnosticHandler.Register"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"centralmgmt.V2-manager.diagnostic-manager","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"initializing HostFS values under agent: /","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"service.name":"metricbeat","ecs.version":"1.6.0","log.origin":{"file.line":57,"file.name":"sysinit/init.go","function":"github.com/elastic/beats/v7/metricbeat/internal/sysinit.InitSystemModule"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"initializing HostFS values under agent: /","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":57,"file.name":"sysinit/init.go","function":"github.com/elastic/beats/v7/metricbeat/internal/sysinit.InitSystemModule"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.151Z","message":"Ignoring filesystem types: sysfs, tmpfs, bdev, proc, cgroup, cgroup2, cpuset, devtmpfs, configfs, debugfs, tracefs, securityfs, sockfs, bpf, pipefs, ramfs, hugetlbfs, devpts, ecryptfs, fuse, fusectl, mqueue, pstore, autofs, binfmt_misc","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":70,"file.name":"filesystem/filesystem.go","function":"github.com/elastic/beats/v7/metricbeat/module/system/filesystem.New"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.152Z","message":"got DiagnosticSetup request for system/memory","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"system.filesystem","log.origin":{"file.line":112,"file.name":"filesystem/filesystem.go","function":"github.com/elastic/beats/v7/metricbeat/module/system/filesystem.(*MetricSet).Diagnostics"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.152Z","message":"registering callback with filesystem-filesystems","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"ecs.version":"1.6.0","log.logger":"centralmgmt.V2-manager.diagnostic-manager","log.origin":{"file.line":44,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.diagnosticHandler.Register"},"service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.152Z","message":"registering callback with filesystem-mounts","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"centralmgmt.V2-manager.diagnostic-manager","log.origin":{"file.line":44,"file.name":"management/managerV2.go","function":"github.com/elastic/beats/v7/x-pack/libbeat/management.diagnosticHandler.Register"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.152Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":624},"message":"Unit state changed system/metrics-default-unique-system-metrics-input (STARTING->HEALTHY): Healthy","log":{"source":"elastic-agent"},"component":{"id":"system/metrics-default","state":"HEALTHY"},"unit":{"id":"system/metrics-default-unique-system-metrics-input","type":"input","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.153Z","log.origin":{"file.name":"cmd/run.go","file.line":360},"message":"reexec shutdown channel triggered","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Received signal \"terminated\", stopping","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"service","log.origin":{"file.line":52,"file.name":"service/service.go","function":"github.com/elastic/elastic-agent-libs/service.HandleSignals.func1"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Received signal \"terminated\", stopping","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"service","log.origin":{"file.line":52,"file.name":"service/service.go","function":"github.com/elastic/elastic-agent-libs/service.HandleSignals.func1"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Stopping filebeat","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":484,"file.name":"beater/filebeat.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Stop"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Stopping Crawler","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":155,"file.name":"beater/crawler.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Stopping 0 inputs","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"ecs.version":"1.6.0","log.origin":{"file.line":165,"file.name":"beater/crawler.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Crawler stopped","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":185,"file.name":"beater/crawler.go","function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Stopping 4 runners ...","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"centralmgmt","log.origin":{"file.line":188,"file.name":"cfgfile/list.go","function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*RunnerList).Stop"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Stopping Registrar","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":130,"file.name":"registrar/registrar.go","function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).Stop"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"registrar","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Ending Registrar","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":164,"file.name":"registrar/registrar.go","function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).Run"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"registrar","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.258Z","message":"Registrar stopped","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"registrar","log.origin":{"file.line":135,"file.name":"registrar/registrar.go","function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).Stop"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.262Z","message":"Total metrics","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"monitoring","log.origin":{"file.line":195,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logTotals"},"service.name":"filebeat","monitoring":{"ecs.version":"1.6.0","metrics":{"amqp":{"unmatched_requests":0,"unmatched_responses":0},"auditd":{"kernel_lost":0,"reassembler_seq_gaps":0,"received_msgs":0,"userspace_lost":0},"beat":{"cgroup":{"cpu":{"cfs":{"period":{"us":100000},"quota":{"us":0}},"id":"elastic-agent.service","stats":{"periods":0,"throttled":{"ns":0,"periods":0}}},"cpuacct":{"id":"elastic-agent.service","total":{"ns":3264783570}},"memory":{"id":"elastic-agent.service","mem":{"limit":{"bytes":9223372036854772000},"usage":{"bytes":235073536}}}},"cpu":{"system":{"ticks":80,"time":{"ms":80}},"total":{"ticks":250,"time":{"ms":250},"value":250},"user":{"ticks":170,"time":{"ms":170}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":17},"info":{"ephemeral_id":"a17148ff-bdbf-4d0b-8ac3-782837229e2f","name":"filebeat","uptime":{"ms":718},"version":"8.14.3"},"memstats":{"gc_next":55330536,"memory_alloc":46961992,"memory_sys":63108020,"memory_total":52919008,"rss":166170624},"runtime":{"goroutines":45}},"dhcpv4":{"parse_failures":0,"total_packets":0},"dns":{"unmatched_requests":0,"unmatched_responses":0},"filebeat":{"events":{"active":0,"added":0,"done":0},"harvester":{"closed":0,"open_files":0,"running":0,"skipped":0,"started":0},"input":{"log":{"files":{"renamed":0,"truncated":0}}}},"heartbeat":{"browser":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0},"http":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0},"icmp":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0},"tcp":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0}},"http":{"unmatched_requests":0,"unmatched_responses":0},"icmp":{"duplicate_requests":0,"unmatched_requests":0,"unmatched_responses":0},"libbeat":{"config":{"module":{"running":0,"starts":0,"stops":0},"reloads":0,"scans":0},"output":{"batches":{"split":0},"events":{"acked":0,"active":0,"batches":0,"dropped":0,"duplicates":0,"failed":0,"toomany":0,"total":0},"read":{"bytes":0,"errors":0},"type":"","write":{"bytes":0,"errors":0,"latency":{"histogram":{"count":0,"max":0,"mean":0,"median":0,"min":0,"p75":0,"p95":0,"p99":0,"p999":0,"stddev":0}}}},"pipeline":{"clients":0,"events":{"active":0,"dropped":0,"failed":0,"filtered":0,"published":0,"retry":0,"total":0},"queue":{"acked":0,"max_events":0}}},"memcache":{"unfinished_transactions":0,"unmatched_requests":0,"unmatched_responses":0},"mongodb":{"unmatched_requests":0},"mysql":{"unmatched_requests":0,"unmatched_responses":0},"nfs":{"unmatched_requests":0},"pgsql":{"unmatched_responses":0},"processor":{"add_host_metadata":{"fqdn_lookup_failed":0}},"redis":{"unmatched_requests":0,"unmatched_responses":0},"registrar":{"states":{"cleanup":0,"current":0,"update":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":8},"load":{"1":0.4,"15":0.11,"5":0.14,"norm":{"1":0.05,"15":0.0138,"5":0.0175}}},"thrift":{"unmatched_requests":0,"unmatched_responses":0}}},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.262Z","message":"Uptime: 699.405569ms","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"monitoring","log.origin":{"file.line":196,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logTotals"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.262Z","message":"Stopping metrics logging.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"ecs.version":"1.6.0","log.logger":"monitoring","log.origin":{"file.line":163,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).snapshotLoop"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.262Z","message":"Stats endpoint (/opt/Elastic/Agent/data/tmp/xTEtpJ7117ppc6OYvJCaYHbDW8mLjXGe.sock) finished: accept unix /opt/Elastic/Agent/data/tmp/xTEtpJ7117ppc6OYvJCaYHbDW8mLjXGe.sock: use of closed network connection","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"api","log.origin":{"file.line":73,"file.name":"api/server.go","function":"github.com/elastic/beats/v7/libbeat/api.(*Server).Start.func1"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:30.262Z","message":"filebeat stopped.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":537,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-07-18T07:25:32.084Z","message":"add_cloud_metadata: received error failed requesting openstack metadata: Get \"https://169.254.169.254/2009-04-04/meta-data/instance-id\": dial tcp 169.254.169.254:443: i/o timeout","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"add_cloud_metadata","log.origin":{"file.line":190,"file.name":"add_cloud_metadata/providers.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:32.084Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:32.087Z","message":"Total metrics","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"monitoring","log.origin":{"file.line":195,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logTotals"},"service.name":"metricbeat","monitoring":{"ecs.version":"1.6.0","metrics":{"amqp":{"unmatched_requests":0,"unmatched_responses":0},"auditd":{"kernel_lost":0,"reassembler_seq_gaps":0,"received_msgs":0,"userspace_lost":0},"beat":{"cgroup":{"cpu":{"cfs":{"period":{"us":100000},"quota":{"us":0}},"id":"elastic-agent.service","stats":{"periods":0,"throttled":{"ns":0,"periods":0}}},"cpuacct":{"id":"elastic-agent.service","total":{"ns":3304853881}},"memory":{"id":"elastic-agent.service","mem":{"limit":{"bytes":9223372036854772000},"usage":{"bytes":109453312}}}},"cpu":{"system":{"ticks":100,"time":{"ms":100}},"total":{"ticks":340,"time":{"ms":340},"value":340},"user":{"ticks":240,"time":{"ms":240}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":11},"info":{"ephemeral_id":"2b4a42f3-22a2-49eb-947b-019a995de7cc","name":"metricbeat","uptime":{"ms":3056},"version":"8.14.3"},"memstats":{"gc_next":66482944,"memory_alloc":35279056,"memory_sys":67040180,"memory_total":60201232,"rss":169058304},"runtime":{"goroutines":27}},"dhcpv4":{"parse_failures":0,"total_packets":0},"dns":{"unmatched_requests":0,"unmatched_responses":0},"filebeat":{"harvester":{"closed":0,"open_files":0,"running":0,"skipped":0,"started":0},"input":{"log":{"files":{"renamed":0,"truncated":0}}}},"heartbeat":{"browser":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0},"http":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0},"icmp":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0},"tcp":{"endpoint_starts":0,"endpoint_stops":0,"monitor_starts":0,"monitor_stops":0}},"http":{"unmatched_requests":0,"unmatched_responses":0},"icmp":{"duplicate_requests":0,"unmatched_requests":0,"unmatched_responses":0},"libbeat":{"config":{"module":{"running":4,"starts":4,"stops":0},"reloads":0,"scans":0},"output":{"batches":{"split":0},"events":{"acked":0,"active":0,"batches":0,"dropped":0,"duplicates":0,"failed":0,"toomany":0,"total":0},"read":{"bytes":0,"errors":0},"type":"elasticsearch","write":{"bytes":0,"errors":0,"latency":{"histogram":{"count":0,"max":0,"mean":0,"median":0,"min":0,"p75":0,"p95":0,"p99":0,"p999":0,"stddev":0}}}},"pipeline":{"clients":0,"events":{"active":2,"dropped":0,"failed":4,"filtered":0,"published":2,"retry":0,"total":6},"queue":{"acked":0,"max_events":3200}}},"memcache":{"unfinished_transactions":0,"unmatched_requests":0,"unmatched_responses":0},"mongodb":{"unmatched_requests":0},"mysql":{"unmatched_requests":0,"unmatched_responses":0},"nfs":{"unmatched_requests":0},"pgsql":{"unmatched_responses":0},"processor":{"add_host_metadata":{"fqdn_lookup_failed":0}},"redis":{"unmatched_requests":0,"unmatched_responses":0},"registrar":{"states":{"cleanup":0,"current":0,"update":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":8},"load":{"1":0.4,"15":0.11,"5":0.14,"norm":{"1":0.05,"15":0.0138,"5":0.0175}}},"thrift":{"unmatched_requests":0,"unmatched_responses":0}}},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:32.087Z","message":"Uptime: 3.037284757s","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"monitoring","log.origin":{"file.line":196,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logTotals"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:32.087Z","message":"Stopping metrics logging.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"monitoring","log.origin":{"file.line":163,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).snapshotLoop"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:32.088Z","message":"Stats endpoint (/opt/Elastic/Agent/data/tmp/iThI_df0cBKC6YUNGGlKscMkOfz3FBH3.sock) finished: accept unix /opt/Elastic/Agent/data/tmp/iThI_df0cBKC6YUNGGlKscMkOfz3FBH3.sock: use of closed network connection","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"api","log.origin":{"file.line":73,"file.name":"api/server.go","function":"github.com/elastic/beats/v7/libbeat/api.(*Server).Start.func1"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-07-18T07:25:32.088Z","message":"metricbeat stopped.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.origin":{"file.line":537,"file.name":"instance/beat.go","function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}

Think no connection with the private or the public IP is done.

Thanks for your support!

Kind regards,

otortosa · July 19, 2024, 1:02pm

Hello Leandro!

Found the issue.

{"log.level":"error","@timestamp":"2024-07-18T19:17:34.809Z","message":"Failed to connect to backoff(elasticsearch(https://185.35.143.142:9200)): Get "https://x.x.x.x:9200": x509: certificate is valid for 10.5.35.19, fe80::250:56ff:fe98:3987, ::1, 127.0.0.1, not x.x.x.x","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":148,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}

Certificate not connecting the public IP.

Where I have to add the IP?

Thanks for your support!

Kind regards,

ahmed_fetoh · July 31, 2024, 7:29pm

did u solve it because i have the same issue !

Topic		Replies	Views
Elastic agent behind NAT Elastic Agent	2	418	November 9, 2022
Fleet agent doesn't work Elastic Agent fleet	14	999	September 13, 2022
Error: fleet-server failed: context canceled Elastic Agent fleet	4	1920	May 16, 2023
Configure fleet server Elastic Observability docker , fleet	5	606	March 13, 2024
Fleet Server not respecting custom port config Elastic Agent fleet	5	575	October 7, 2022

Fleet Policy different IP from the server

Related topics