What do you think about this; Elastic agent shows up in SIEM under Administration for some servers but not all, even if they are using the same config and managed from Fleet. The agent piece is working but the endpoint security is not.
I see this error in the ones who are not working: {"@timestamp":"2020-11-24T21:32:22.5816300Z","agent":{"id":"71ed4dc2-1882-4b99-b91c-02a7788f86e4","type":"endpoint"},"ecs":{"version":"1.5.0"},"log":{"level":"notice","origin":{"file":{"line":65,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:65 Elasticsearch connection is down","process":{"pid":19524,"thread":{"id":21260}}}
Yes. It is strange because I have servers on the same network and they are working just fine. The only difference I see is the OS. I am running version 7.9.3 for the agent and Elastic and Kibana.
The Endpoint service is running properly and shows up in Fleet. The only place it does not show up is under Administration in SIEM.
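A small triage script, added here as an example and not part of the thread, that reads Endpoint log lines in the NDJSON shape quoted above and reports which agent ids have logged the "Elasticsearch connection is down" notice, so the affected hosts can be compared against the ones that do appear under Administration. The sample lines are constructed (the second agent id and its lines are made up); the only real-world detail relied on is the 7-digit fractional timestamp, which Python's datetime parser does not accept without trimming.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the Elastic Endpoint NDJSON log format quoted in the thread.
# Only the first line's shape comes from the post; the rest are made up for the example.
SAMPLE_LOG = """\
{"@timestamp":"2020-11-24T21:32:22.5816300Z","agent":{"id":"71ed4dc2-1882-4b99-b91c-02a7788f86e4","type":"endpoint"},"log":{"level":"notice","origin":{"file":{"line":65,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:65 Elasticsearch connection is down","process":{"pid":19524,"thread":{"id":21260}}}
{"@timestamp":"2020-11-24T21:33:22.0000000Z","agent":{"id":"71ed4dc2-1882-4b99-b91c-02a7788f86e4","type":"endpoint"},"log":{"level":"notice","origin":{"file":{"line":65,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:65 Elasticsearch connection is down","process":{"pid":19524,"thread":{"id":21260}}}
{"@timestamp":"2020-11-24T21:30:00.1234567Z","agent":{"id":"aaaaaaaa-0000-0000-0000-000000000000","type":"endpoint"},"log":{"level":"info","origin":{"file":{"line":1,"name":"Example.cpp"}}},"message":"Example.cpp:1 policy applied","process":{"pid":1,"thread":{"id":1}}}
not json at all
"""

DOWN_MARKER = "Elasticsearch connection is down"

def parse_ts(value):
    # Endpoint writes 7 fractional digits; datetime accepts at most 6, so trim them first.
    head, _, frac = value.rstrip("Z").partition(".")
    iso = f"{head}.{frac[:6]}" if frac else head
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)

def summarize_connection_down(log_text):
    """Return {agent_id: {"count": n, "last_seen": datetime}} for agents reporting the outage."""
    found = defaultdict(lambda: {"count": 0, "last_seen": None})
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines (e.g. a rotated log's partial tail)
        if DOWN_MARKER not in event.get("message", ""):
            continue
        agent_id = event.get("agent", {}).get("id", "unknown")
        ts = parse_ts(event["@timestamp"])
        entry = found[agent_id]
        entry["count"] += 1
        if entry["last_seen"] is None or ts > entry["last_seen"]:
            entry["last_seen"] = ts
    return dict(found)

if __name__ == "__main__":
    for agent_id, info in summarize_connection_down(SAMPLE_LOG).items():
        print(f"{agent_id}: {info['count']} notice(s), last at {info['last_seen'].isoformat()}")
```

Point it at the real Endpoint log file instead of SAMPLE_LOG to list which agent ids are still failing to reach Elasticsearch and when they last tried.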