Issues with Elastic Agent

abdeslam.mazouz · November 24, 2020, 9:51pm

What do you think about this; Elastic agent shows up in SIEM under administration for some servers but not all. Even if they are suing the same config and managed from Fleet. The agent piece working but the endpoint security is not.

[ 3:33 PM ]

I see this error in the ones who are not working: {"@timestamp":"2020-11-24T21:32:22.5816300Z","agent":{"id":"71ed4dc2-1882-4b99-b91c-02a7788f86e4","type":"endpoint"},"ecs":{"version":"1.5.0"},"log":{"level":"notice","origin":{"file":{"line":65,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:65 Elasticsearch connection is down","process":{"pid":19524,"thread":{"id":21260}}}

pierhugues · November 25, 2020, 1:55pm

From the messages it seems it cannot cannot to ES. Let me ask a few question to narrow down the environment.

What version are you running of the Elastic Agent? And on the problematic host do you see endpoint running?

abdeslam.mazouz · November 25, 2020, 6:29pm

Yes. It is strange because I have servers on the same network and they are working just fine. The only difference I see if the OS. I am running version 7.9.3 for agent and Elastic and Kibana.

The Endpoint service is running properly and shows up in fleet. The only place it does not show up in is under Administration under SIEM.

Topic		Replies	Views
Elastic Endpoint cannot connect to agent Endpoint Security	6	1144	July 26, 2024
Windows 2019: elastic-agent and endpoint security SIEM elastic-agent	1	497	December 15, 2020
Endpoint config on elastic Endpoint Security	5	492	September 22, 2020
Elastic Endpoint Security with Elastic Agent Endpoint Security	16	3345	November 10, 2020
Elastic agent shows healthy (Also no error messages in Logs) in Kibana but fails to send data to elastic search Endpoint Security	6	3537	June 2, 2022

Issues with Elastic Agent

Related topics