Fleet server goes down when elastic search node used to enroll the fleet server goes down

shi · October 21, 2022, 3:59am

We have 3 elasticsearch nodes and a client node.
node 1, node 2, node 3

We added all the elasticsearch nodes as output in fleet settings so that even when one elasticsearch node goes down, the fleet will sent the data to other nodes.

We enrolled fleet server with the elasticsearch IP of node 1. We added elastic agent on our clients and started ingesting our logs.

Now

When the node 1 of elasticsearch goes down,

The fleet server and the agents are shown as offline in Kibana. As a result we can't push any new policies.

The data from the agents are still being ingested because we gave the fleet server output as node1, node2 and node3 (i.e., no issue with data ingestion)

There is no issue with fleet server when node2 or node 3 goes down.

How can we use the fleet server to push the policies even when node 1 (elasticsearch node used to enroll the fleet server) goes down?

MichelLaterman · October 26, 2022, 6:23pm

Hi,

Can you please provide the config from the agent running fleet-server? The diagnostics collect command (Elastic Agent command reference | Fleet and Elastic Agent Guide [8.4] | Elastic) can be used to gather this as well as the config provided through kibana?

system · December 21, 2022, 1:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.