Hi,
I have set up Elastic Stack at work.
I have installed the agent on a few servers and laptops.
Everything works well, but if a laptop is outside the work network then the CPU will hit 100% until it crashes, and then it does the same over and over.
If connected back to the network then everything works well.
Hello,
You need to provide more context, like what version are you using, what policies are you using in the integration of the laptops, how your output is configured in the policy etc.
Also, get some logs from the agents and share them.
Is your Elasticsearch publicly available to your agents?
You need to share the logs as well.
Also, the AbuseCH integration should run on just one agent; it does not make sense running it on multiple hosts, as it would just lead to duplication of data.
Not sure what could be the issue, but since your agents are for the local network only, when they are outside the network they will not be able to send any data, but will still keep trying forever. This may be leading to the increase of the CPU.
Another thing is that 8.11.X had some issues, I would upgrade if possible, but you need to upgrade your cluster and fleet server first as you cannot have an agent on a higher minor version than your Fleet Server.
Thanks,
I upgraded and all works fine now.