No agents under endpoint or host section in security

Hi,

We are testing out a locally installed ELK stack. We enrolled agents to Fleet and they are shown as healthy, but in the Hosts section I see only the Fleet Server, and the Endpoint section just suggests enrolling agents, not showing the already enrolled agents.
I found one similar topic with a suggestion to check if transforms are started. We have 2 transforms active and even tried to stop them and start them again, but it did not change anything.

@Guncixx thanks for trying our Endpoint Security. Sorry you're having trouble right now.

It's good that your transforms are running. I'll rule that out for now.

Can you check that your Endpoints are streaming relevant data? You can do this in the Kibana UI by going to "Stack Management > Index Management" and looking at the "Data Streams" tab.

Search by "endpoint" and you should see some data streams here following the patterns logs-endpoint* and metrics-endpoint*

If you do not see any data streams related to endpoint then it's likely the Endpoint isn't successfully streaming data.

If this is the case, can you access the Host that your Agent is running on and check to see if Endpoint is installed? It's possible that the Agent has failed to install Endpoint on your hosts.

You can do this by checking for the existence of these directories on your Host machines.

Windows:
c:\Program Files\Elastic\Endpoint

Mac:
/Library/Elastic/Endpoint

Linux:
/opt/Elastic/Endpoint

If these directories exist and the Endpoint is running, can you check the Endpoint logs? There may be a reason that Endpoint cannot connect to Elasticsearch.

You can find the log files below.

Windows:
As administrator copy the contents of C:\Program Files\Elastic\Endpoint\state\log to another directory outside of Elastic and open the log file there. (This is required because of Endpoint self protection.) Are there any errors in the logs referring to failed attempts to stream documents?

Follow similar steps for the other OSs.

Mac:
log location: /Library/Elastic/Endpoint/state/log

Linux:
log location: /opt/Elastic/Endpoint/state/log

Let me know what you find or if you have questions.
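
The host-side checks from the reply above for Linux and macOS, as an added example that is not part of the original thread or of Elastic's tooling: it confirms the Endpoint directory exists, copies `state/log` aside and prints recent lines mentioning an error. The function names, return codes and the plain "error" match are assumptions; the paths are the ones given in the reply.

```shell
#!/bin/sh
# Added example (not Elastic tooling). Run as root on the enrolled host:
#   check_endpoint            # uses the default path for this OS
#   check_endpoint /some/dir  # or an explicit Endpoint directory
# Return codes (chosen for this example): 0 = no error lines,
# 1 = error lines found, 2 = Endpoint directory missing, 3 = no log directory.

# Default install path per OS, as listed in the reply.
endpoint_root() {
    case "$(uname -s)" in
        Darwin) echo /Library/Elastic/Endpoint ;;
        *)      echo /opt/Elastic/Endpoint ;;
    esac
}

check_endpoint() {
    root="${1:-$(endpoint_root)}"
    if [ ! -d "$root" ]; then
        echo "Missing $root: the Agent may have failed to install Endpoint"
        return 2
    fi
    if [ ! -d "$root/state/log" ]; then
        echo "No log directory at $root/state/log"
        return 3
    fi
    # Read a copy outside the Elastic directory, mirroring the Windows advice.
    copy="$(mktemp -d)" || return 4
    cp -R "$root/state/log/." "$copy/"
    # Assumption: failures to stream documents are logged on lines that
    # contain the word "error" (the log format is not shown in the thread).
    hits="$(grep -rih 'error' "$copy" | tail -n 20)"
    rm -rf "$copy"
    if [ -n "$hits" ]; then
        echo "Recent error lines from $root/state/log:"
        echo "$hits"
        return 1
    fi
    echo "No error lines found in $root/state/log"
    return 0
}
```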
