I'm trying to get logs sent to my Elasticsearch instance w/ Elastic Cloud Enterprise (Self Hosted), and i'm seeing the following error in the logs:
{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243)): Get "https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243": x509: certificate signed by unknown authority","ecs.version":"1.6.0"}
I'm using a self signed ca certificate that's generated by Elastic Cloud Enterprise, and i've configured my output in Fleet to the following:
outputs:
default:
type: elasticsearch
ssl.certificate_authorities:
- 'C:\Users\Administrator\Documents\elastic-agent\ca.crt'
hosts:
- 'https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243'
username: elastic
password: password
I installed the Elastic Agent on Windows with the following command:
.\elastic-agent.exe install -f --kibana-url=https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243 --enrollment-token=LTM1LV9IY0JBQlBjZWtDalcwZ2Y6WDV5S0QtM0xRaXlMT05tcmtpWFNwQQ== --certificate-authorities C:\Users\Administrator\Documents\elastic-agent\ca.crt
^ I was able to install/enroll just fine.. and the Kibana checkin is working as well.
The only issue i'm having is with my elasticsearch requests... and it's saying that my certificate is signed by an unknown authority.
I've even installed the CA Cert at the OS level:
^ You can see the locked icon indicating that it's a valid connection.
Is there a bug with the Fleet Agent right now in terms of Elasticsearch? Because it seems like the Kibana side is working just fine.
Anyone know what the issue is?
Note: I don't want to use the --insecure parameter.. id rather get this actually working with the CA cert.
I was formatting the output configuration wrong in the UI... it should be like this (without the outputs, and default):