No Data streams

Elastic Stack Kibana
1

Hello, i hope you are doing well
This my infra

ELASTIC

v-elkmaster01.sys.u-bordeaux.fr
v-elkmaster02.sys.u-bordeaux.fr
v-elkmaster03.sys.u-bordeaux.fr
p-elkhot01.sys.u-bordeaux.fr
p-elkhot02.sys.u-bordeaux.fr
p-elkwarm01.sys.u-bordeaux.fr

KIBANA

v-kibana01.sys.u-bordeaux.fr

FLEET

http://v-elkfleet01.sys.u-bordeaux.fr

has a public certificate

Elastic has self-signed certificate
kibana has public cerficate

For Elasitic,kibana,and fleet all seem good

I add an agent policy with the integration HAProxy

I had 2 agents

all seems ok, the status is Healthy for all

But In the Data streams tab, there is "No data streams"

Did i miss something

Thanks in advance

Best Regards

2

Hi @Jean-Claude Hope This Helps

Did you carefully read through this...

If Elasticsearch is using a self-signed cert , then the Elastic Agents need that CA or trusted fingerprint because Agents send Data directly to Elasticsearch

See Here

To encrypt traffic between Elastic Agents, Fleet Server, and Elasticsearch:

  1. Configure Fleet settings. These settings are applied to all Fleet-managed Elastic Agents.

  2. In Kibana, open the main menu, then click Management > Fleet > Settings.

  3. Under Fleet Server hosts, specify the URLs Elastic Agents will use to connect to Fleet Server. For example, https://192.0.2.1:8220, where 192.0.2.1 is the host IP where you will install Fleet Server.

For host settings, use the https protocol. DNS-based names are also allowed.

  1. Under Outputs, search for the default output, then click the Edit icon in the Action column.
  2. In the Hosts field, specify the Elasticsearch URLs where Elastic Agents will send data. For example, https://192.0.2.0:9200.
  3. Specify either a CA certificate or CA fingerprint to connect securely Elasticsearch:
    File path example:
  • If you have a valid HEX encoded SHA-256 CA trusted fingerprint from root CA, specify it in the Elasticsearch CA trusted fingerprint field. To learn more, refer to the Elasticsearch security documentation.
  • Otherwise, under Advanced YAML configuration, set ssl.certificate_authorities and specify the CA certificate to use to connect to Elasticsearch. You can specify a list of file paths (if the files are available), or embed a certificate directly in the YAML configuration. If you specify file paths, the certificates must be available on the hosts running the Elastic Agents.File path example:

ssl.certificate_authorities: ["/path/to/your/elasticsearch-ca.crt"]

Look at the diagram on this page

Screenshot 2023-10-13 at 10.22.46 AM
Screenshot 2023-10-13 at 10.22.46 AM2064×652 77.1 KB

Screenshot 2023-10-13 at 10.20.10 AM
Screenshot 2023-10-13 at 10.20.10 AM2866×1832 430 KB

Note: if you use the Advanced YAML configuration

ssl.certificate_authorities: ["/path/to/your/elasticsearch-ca.crt"]

That path / CA will need to be available and readable on all hosts you deploy the agent to.

3

Hello Stephen
Thanks for the reply
I did this, i used the trusted fingerprint
With tcpdump i see that the agent send data to ```
v-elkmaster01.sys.u-bordeaux.fr

But there is no data in the Data stream
Regards
4

Hi @Jean-Claude Not enough information for me to help.

What integration are you using?

Exactly which Data Streams are you expecting?

What Version ?

What do the agent logs show?

You are going to need to dig into the agent logs ...

Or log on to the host and troubleshoot the agent

5

Hello,
Thanks for your reply
the probleme is solved after adding ingest roles to elastic servers
Best regards

1 Like
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.