Not able to start standalone Elastic Agent in my windows machine

Raminder_Gujral · March 14, 2024, 9:48am

Can you please help - I am trying to start standalone elastic agent in my windows machine and it keeps trying connecting to end point without any success.

Here are the logs please:

ERROR MESSAGE:

{"log.level":"info","@timestamp":"2024-03-14T15:09:10.295+0530","message":"Attempting to reconnect to backoff(elasticsearch()) with 41 reconnect attempt(s)","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"log.logger":"publisher_pipeline_output","log.origin":{"file.line":139,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-03-14T15:09:12.350+0530","message":"Error dialing dial tcp XXXXXX: connectex: No connection could be made because the target machine actively refused it.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"{"source":"monitoring"},"log.logger":"esclientleg","service.name":"metricbeat","network":"tcp","address":"XXXXXXX","log.origin":{"file.line":38,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport.LoggingDialer.func1"},"ecs.version":"1.6.0","ecs.version":"1.6.0"}

dadoonet · March 14, 2024, 11:24am

The log says:

No connection could be made because the target machine actively refused it.

So you need to check things like firewall, the elasticsearch / kibana setup.... If you don't find, then please share more details about what you did (ie what you modified, elasticsearch logs, kibana logs...)

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

Raminder_Gujral · March 14, 2024, 12:25pm

Thank you Dave for your reply and suggestion. Do I need to open 9200 port ?

I am trying to install standalone Elastic agent in my laptop and would feed the log files locally and then run indexing and search in Kibana to view the data there.

Here are the steps I tried:

Installed Elastic agent in Standalone mode in my windows machine - followed the steps from Elastic
Made changes to elastic-agent.yml file. I am not sure how to create api_key for windows, so kept as is, here are the entries from it:

outputs:
  default:
    type: elasticsearch
    hosts: [127.0.0.1:9200]
    api_key: "example-key"
    #username: "elastic"
    #password: "changeme"
    #preset: balanced



# Here you can configure your list of inputs. You can either configure all the inputs as a list of arrays
# or create an "inputs.d" directory containing your input configurations.
# See https://www.elastic.co/guide/en/fleet/current/elastic-agent-configuration.html for how to structure the "inputs.d" directory.
inputs:

  - id: test
    type: filestream
    streams:
      - id: teststream
        data_stream:
          dataset: commercedata
        paths:
          - /var/log/your-logs.log

Let me paste the logs here, this is post running the elastic-agent.exe as SU in power shell.

{"log.level":"error","@timestamp":"2024-03-14T17:47:12.691+0530","message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":148,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-03-14T17:47:12.691+0530","message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 5 reconnect attempt(s)","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":139,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-03-14T17:47:14.731+0530","message":"Error dialing dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0","log.logger":"esclientleg","log.origin":{"file.line":38,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport.LoggingDialer.func1"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-03-14T17:47:15.302+0530","message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":148,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-03-14T17:47:15.302+0530","message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 6 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":139,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-03-14T17:47:17.355+0530","message":"Error dialing dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","address":"127.0.0.1:9200","ecs.version":"1.6.0","log.logger":"esclientleg","log.origin":{"file.line":38,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport.LoggingDialer.func1"},"network":"tcp","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-03-14T17:47:33.795+0530","message":"Non-zero metrics in the last 30s","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"log.logger":"monitoring","log.origin":{"file.line":187,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logSnapshot"},"service.name":"metricbeat","monitoring":{"ecs.version":"1.6.0","metrics":{"beat":{"cpu":{"system":{"ticks":1421,"time":{"ms":15}},"total":{"ticks":2186,"time":{"ms":15},"value":2186},"user":{"ticks":765}},"info":{"ephemeral_id":"c9723cfb-fb16-4ac0-8519-9915208496a7","uptime":{"ms":109710},"version":"8.12.2"},"memstats":{"gc_next":51510880,"memory_alloc":38719120,"memory_total":50365736,"rss":88666112},"runtime":{"goroutines":47}},"libbeat":{"config":{"module":{"running":1}},"output":{"events":{"active":0}},"pipeline":{"clients":2,"events":{"active":0}}}}},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-03-14T17:47:33.795+0530","message":"Non-zero metrics in the last 30s","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"service.name":"metricbeat","monitoring":{"ecs.version":"1.6.0","metrics":{"beat":{"cpu":{"system":{"ticks":1187},"total":{"ticks":2108,"time":{"ms":15},"value":2108},"user":{"ticks":921,"time":{"ms":15}}},"info":{"ephemeral_id":"74d82424-619e-4099-9f05-f9b59793dcc5","uptime":{"ms":109725},"version":"8.12.2"},"memstats":{"gc_next":44969680,"memory_alloc":36668008,"memory_total":51597680,"rss":88752128},"runtime":{"goroutines":53}},"libbeat":{"config":{"module":{"running":3}},"output":{"events":{"active":0}},"pipeline":{"clients":3,"events":{"active":6,"published":3,"retry":3,"total":3}}},"metricbeat":{"http":{"json":{"events":3,"success":3}}},"system":{"handles":{"open":2}}}},"log.logger":"monitoring","log.origin":{"file.line":187,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logSnapshot"},"ecs.version":"1.6.0"}

dadoonet · March 14, 2024, 1:10pm

Well... If you are using Elasticsearch 8.x, I guess it's secured by default so it should be in https and not http.
That'd be my first guess. And yeah 9200 port needs to be visible from the agent machine.
Best thing to do is to try to curl the url http://127.0.0.1:9200.

Raminder_Gujral · March 14, 2024, 1:44pm

Here are the outcomes:

C:\Program Files\Elastic\Agent> curl 127.0.0.1:9200
curl : Unable to connect to the remote server
At line:1 char:1
+ curl 127.0.0.1:9200
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

PS C:\Program Files\Elastic\Agent> netstat -a

system · April 11, 2024, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic Agent Start Failure: Pipe Access Denied Beats winlogbeat , elastic-agent	1	955	August 19, 2022
Elastic agent packet beat integration crash windows Elastic Agent packetbeat	1	551	March 9, 2023
Beats in elastic-agent reporting "failed to connect to backoff" Beats fleet , filebeat	6	9981	May 11, 2022
Metricbeat kept connecting to http://localhost:9200 while using AWS privatelink Metrics	1	456	April 11, 2023
Metricbeat on VM can't connect to Elasticsearch in another VM Beats metricbeat	5	2736	September 27, 2019

Not able to start standalone Elastic Agent in my windows machine

ERROR MESSAGE:

Related topics