Need help adding Fleet server

I've installed the fleet server on my virtual Ubuntu version 22 machine but I can't get the fleet server to show in Kibana. I checked Ubuntu elastic-agent service and it was showing inactive so I started it with "systemctl start elastic-agent.service" and now it says "failed". I don't know where to find specific logs related to this. Any help?

You need to check your system logs for any hint about why the service is not running.

Try to start it again to get fresh logs and check on /var/log/syslog.

I don't have a syslog directory, unfortunately.

It is not a directory; it is a file called syslog inside /var/log. This is normally where Ubuntu stores the system logs.

No file either

Check if rsyslog is running with systemctl status rsyslog; if it is not running, you will not have this file.

I'm not sure you can find this error anywhere, so you need to have rsyslog running for the log to be generated.

You could also check the Elastic Agent log to see if there is any information, but since the systemd service is failing it is possible that the service does not log anything.

The Elastic Agent logs would be in a path similar to this:

/opt/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent-json.log

I tried that, no rsyslog service is found. Also, I don't have any elastic log location in that path.


It is pretty hard to troubleshoot it without logs.

How did you install the Agent?

I just installed the rsyslog and got the syslog path to show up. I tried starting elastic agent again and I checked the logs. It says No such file or directory to locate.

If you want, you may install the rsyslog service to get system logs.

sudo apt install rsyslog

This will install and enable rsyslog and then you will have the /var/log/syslog with your system logs.

So, how did you install the agent to work as a fleet server? Did you follow this documentation?

I ran the commands elastic gave me:
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.7.0-linux-x86_64.tar.gz
tar xzvf elastic-agent-8.7.0-linux-x86_64.tar.gz
cd elastic-agent-8.7.0-linux-x86_64
sudo ./elastic-agent install \
  --fleet-server-es=https://localhost:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2ODIyNjAyMjY4OTU6R25lWXdPWXFUalNUUnA3bHZ1akl5QQ \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=5d5b496ed500bc148a138d39ac53eb0db26d0323a79c51cf5298b0a96271b430

Not sure why it's not there.

I just tried again and get this:

The message in your screenshot says that the elastic-agent was already installed as a system package, using .deb in your case, so this command is not working.

Can you check if this is the case?

sudo apt list --installed | grep elastic

Also, you may look in Kibana, in the same place you add a fleet server, what are the steps when you install it as a DEB package.


Yeah, it shows installed, but Kibana isn't able to confirm the connection. It says that it's recommended to use tar/zip over system packages.

curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.7.0-amd64.deb
sudo dpkg -i elastic-agent-8.7.0-amd64.deb
sudo elastic-agent enroll \
  --fleet-server-es=https://localhost:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2ODIyNjAyMjY4OTU6R25lWXdPWXFUalNUUnA3bHZ1akl5QQ \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=5d5b496ed500bc148a138d39ac53eb0db26d0323a79c51cf5298b0a96271b430
sudo systemctl enable elastic-agent
sudo systemctl start elastic-agent

I enabled and tried to start using the deb package method but same issue.

I would remove the package and try to install it following the .tar.gz distribution.


@Tanner_Sutherlin Hi and welcome to the community.

I think I have seen this before ...

Did you have a previous version of elastic agent on the system? Before you started this at the top of your post?

Either way...

If you have it installed please reload the systems

sudo /bin/systemctl daemon-reload

I would remove via the package.

Then I would check to see if

/opt/Elastic/Agent/elastic-agent is still there

if so run

sudo /opt/Elastic/Agent/elastic-agent uninstall

Then I would install with the tar.gz

and try again

if it fails run

sudo /bin/systemctl daemon-reload

then try again.

Where the agent runs from has been moved... I think you have an old symlink

This might help, same error I helped debug a bit back
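The cleanup order suggested in the reply above can be checked before running anything. The following is an added example, not part of any post in this thread or of Elastic's tooling: it reports which leftovers of a mixed .deb / .tar.gz install are present and prints the matching cleanup commands without executing them. The function names, the /usr/bin/elastic-agent launcher path and the `apt remove` command are assumptions; /opt/Elastic/Agent/elastic-agent and the daemon-reload command come from the thread.

```shell
#!/bin/sh
# Added example: detect leftovers from mixing the .deb and .tar.gz
# Elastic Agent installs. Nothing is removed; commands are only printed.

# Print a space-separated list of markers found under an optional root prefix.
agent_install_state() {
    root="${1:-}"
    root="${root%/}"
    state=""
    # dpkg keeps the file list of every installed package here.
    [ -f "$root/var/lib/dpkg/info/elastic-agent.list" ] && state="$state deb"
    # Path from the thread: binary left behind by "elastic-agent install".
    [ -e "$root/opt/Elastic/Agent/elastic-agent" ] && state="$state tarball"
    # Assumed launcher path. -L true with -e false means a dangling symlink.
    link="$root/usr/bin/elastic-agent"
    if [ -L "$link" ] && [ ! -e "$link" ]; then
        state="$state stale-link"
    fi
    echo "${state# }"
}

# Print the cleanup commands matching the markers, in the thread's order.
agent_cleanup_steps() {
    for marker in $(agent_install_state "${1:-}"); do
        case "$marker" in
            deb)        echo "sudo apt remove elastic-agent" ;;
            tarball)    echo "sudo /opt/Elastic/Agent/elastic-agent uninstall" ;;
            stale-link) echo "ls -l /usr/bin/elastic-agent  # dangling, inspect" ;;
        esac
    done
    # systemd must re-read unit files after either removal.
    echo "sudo /bin/systemctl daemon-reload"
}

agent_cleanup_steps "${1:-}"
```

An empty line from `agent_install_state` means none of the three markers exist, so a fresh tar.gz install should not collide with an older one.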
