Standalone agent is not enrolling with Elastic Cluster

Elastic Stack Elasticsearch
1

Hi Support team,

I had configured cluster with default certificates which are created while installing stack. Now, I has installed standalone elastic agent with below command.

./elastic-agent.exe install --insecure

But agent is not communicating with cluster. So, kindly guide me what could be the issue?

I am going to share logs and configuration file of agent.

Regards,
Eshwar

2 
id: e87eae11-2878-4be7-9895-dce09969160f
revision: 2
outputs:
  default:
    type: elasticsearch
    hosts:
      - 'https://192.168.10.81:9200'
    api_key: 'e12P0ZQBY9AQ2JTdhlri:RugGGdReQ6mX0hVhaFXA4g'
    preset: balanced
    ssl:
      enabled: false
output_permissions:
  default:
    _elastic_agent_monitoring:
      indices:
        - names:
            - logs-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.auditbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.auditbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.cloud_defend-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.cloudbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.cloudbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.elastic_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.endpoint_security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.endpoint_security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.filebeat_input-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.filebeat_input-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.filebeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.filebeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.fleet_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.fleet_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.heartbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.heartbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.metricbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.metricbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.osquerybeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.osquerybeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.packetbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.packetbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.pf_elastic_collector-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.pf_elastic_symbolizer-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.pf_host_agent-default
          privileges:
            - auto_configure
            - create_doc
    _elastic_agent_checks:
      cluster:
        - monitor
    cf53568a-6990-45e6-b455-dd1cbf1fd7ec:
      indices:
        - names:
            - logs-system.auth-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-system.syslog-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-system.auth-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-system.syslog-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-system.application-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-system.security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-system.system-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.cpu-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.diskio-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.filesystem-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.fsstat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.load-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.memory-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.network-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.process-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.process.summary-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.socket_summary-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-system.uptime-default
          privileges:
            - auto_configure
            - create_doc
    2e262b8a-1f57-484a-a589-49d619334055:
      indices:
        - names:
            - logs-symantec_endpoint.log-default
          privileges:
            - auto_configure
            - create_doc
agent:
  download:
    sourceURI: 'https://artifacts.elastic.co/downloads/'
  monitoring:
    enabled: true
    use_output: default
    logs: true
    metrics: true
    traces: true
    namespace: default
  features: {}
  protection:
    enabled: false
    uninstall_token_hash: pNFwxBkJ7cMSTwpUoEHJJuolNesrQK+oI1LWu/axeqY=
    signing_key: >-
      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEheYtX9yghXL9DJwRiwdpHLqYTvNNuIu+vuTXFxGwI7eodmZijkFUYYFWfi2tHY7rRgqAX5vkvLfggg8GTZDA4Q==
inputs:
  - id: logfile-system-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    name: system-2
    revision: 1
    type: logfile
    use_output: default
    meta:
      package:
        name: system
        version: 1.64.0
    data_stream:
      namespace: default
    package_policy_id: cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    streams:
      - id: logfile-system.auth-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.auth
          type: logs
        condition: >-
          ${host.os_version} != "12 (bookworm)" and (${host.os_platform} !=
          "amzn" or ${host.os_version} != "2023")
        ignore_older: 72h
        paths:
          - /var/log/auth.log*
          - /var/log/secure*
        exclude_files:
          - \.gz$
        multiline:
          pattern: ^\s
          match: after
        tags:
          - system-auth
        processors:
          - add_locale: null
          - rename:
              fields:
                - from: message
                  to: event.original
              ignore_missing: true
              fail_on_error: false
          - syslog:
              field: event.original
              ignore_missing: true
              ignore_failure: true
      - id: logfile-system.syslog-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.syslog
          type: logs
        condition: >-
          ${host.os_version} != "12 (bookworm)" and (${host.os_platform} !=
          "amzn" or ${host.os_version} != "2023")
        paths:
          - /var/log/messages*
          - /var/log/syslog*
          - /var/log/system*
        exclude_files:
          - \.gz$
        multiline:
          pattern: ^\s
          match: after
        processors:
          - add_locale: null
        tags: null
        ignore_older: 72h
  - id: journald-system-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    name: system-2
    revision: 1
    type: journald
    use_output: default
    meta:
      package:
        name: system
        version: 1.64.0
    data_stream:
      namespace: default
    package_policy_id: cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    streams:
      - id: journald-system.auth-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        type: journald
        data_stream:
          dataset: system.auth
          type: logs
        facilities:
          - 4
          - 10
        condition: >-
          ${host.os_version} == "12 (bookworm)" or (${host.os_platform} ==
          "amzn" and ${host.os_version} == "2023")
        tags: null
      - id: journald-system.syslog-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        type: journald
        data_stream:
          dataset: system.syslog
          type: logs
        facilities:
          - 0
          - 1
          - 2
          - 3
          - 5
          - 6
          - 7
          - 8
          - 9
          - 11
          - 12
          - 15
        condition: >-
          ${host.os_version} == "12 (bookworm)" or (${host.os_platform} ==
          "amzn" and ${host.os_version} == "2023")
        tags: null
  - id: winlog-system-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    name: system-2
    revision: 1
    type: winlog
    use_output: default
    meta:
      package:
        name: system
        version: 1.64.0
    data_stream:
      namespace: default
    package_policy_id: cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    streams:
      - id: winlog-system.application-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        name: Application
        data_stream:
          dataset: system.application
          type: logs
        condition: '${host.platform} == ''windows'''
        ignore_older: 72h
      - id: winlog-system.security-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        name: Security
        data_stream:
          dataset: system.security
          type: logs
        condition: '${host.platform} == ''windows'''
        ignore_older: 72h
      - id: winlog-system.system-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        name: System
        data_stream:
          dataset: system.system
          type: logs
        condition: '${host.platform} == ''windows'''
        ignore_older: 72h
  - id: system/metrics-system-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    name: system-2
    revision: 1
    type: system/metrics
    use_output: default
    meta:
      package:
        name: system
        version: 1.64.0
    data_stream:
      namespace: default
    package_policy_id: cf53568a-6990-45e6-b455-dd1cbf1fd7ec
    streams:
      - id: system/metrics-system.cpu-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.cpu
          type: metrics
        metricsets:
          - cpu
        cpu.metrics:
          - percentages
          - normalized_percentages
        period: 10s
      - id: system/metrics-system.diskio-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.diskio
          type: metrics
        metricsets:
          - diskio
        diskio.include_devices: null
        period: 10s
      - id: system/metrics-system.filesystem-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.filesystem
          type: metrics
        metricsets:
          - filesystem
        period: 1m
        processors:
          - drop_event.when.regexp:
              system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
      - id: system/metrics-system.fsstat-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.fsstat
          type: metrics
        metricsets:
          - fsstat
        period: 1m
        processors:
          - drop_event.when.regexp:
              system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
      - id: system/metrics-system.load-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.load
          type: metrics
        metricsets:
          - load
        condition: '${host.platform} != ''windows'''
        period: 10s
      - id: system/metrics-system.memory-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.memory
          type: metrics
        metricsets:
          - memory
        period: 10s
      - id: system/metrics-system.network-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.network
          type: metrics
        metricsets:
          - network
        period: 10s
        network.interfaces: null
      - id: system/metrics-system.process-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.process
          type: metrics
        metricsets:
          - process
        period: 10s
        process.include_top_n.by_cpu: 5
        process.include_top_n.by_memory: 5
        process.cmdline.cache.enabled: true
        process.cgroups.enabled: false
        process.include_cpu_ticks: false
        processes:
          - .*
      - id: >-
          system/metrics-system.process.summary-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.process.summary
          type: metrics
        metricsets:
          - process_summary
        period: 10s
      - id: >-
          system/metrics-system.socket_summary-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.socket_summary
          type: metrics
        metricsets:
          - socket_summary
        period: 10s
      - id: system/metrics-system.uptime-cf53568a-6990-45e6-b455-dd1cbf1fd7ec
        data_stream:
          dataset: system.uptime
          type: metrics
        metricsets:
          - uptime
        period: 10s
  - id: logfile-symantec-2e262b8a-1f57-484a-a589-49d619334055
    name: symantec_endpoint-1
    revision: 1
    type: logfile
    use_output: default
    meta:
      package:
        name: symantec_endpoint
        version: 2.18.0
    data_stream:
      namespace: default
    package_policy_id: 2e262b8a-1f57-484a-a589-49d619334055
    streams:
      - id: logfile-symantec_endpoint.log-2e262b8a-1f57-484a-a589-49d619334055
        data_stream:
          dataset: symantec_endpoint.log
          type: logs
        paths:
          - >-
            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection
            Manager\data\dump\*.log
        exclude_files:
          - \.gz$
        tags:
          - symantec-endpoint-log
          - forwarded
        publisher_pipeline.disable_host: true
        fields_under_root: true
        fields:
          _conf:
            tz_offset: UTC
            remove_mapped_fields: false
signed:
  data: >-
    eyJpZCI6ImU4N2VhZTExLTI4NzgtNGJlNy05ODk1LWRjZTA5OTY5MTYwZiIsImFnZW50Ijp7ImZlYXR1cmVzIjp7fSwicHJvdGVjdGlvbiI6eyJlbmFibGVkIjpmYWxzZSwidW5pbnN0YWxsX3Rva2VuX2hhc2giOiJwTkZ3eEJrSjdjTVNUd3BVb0VISkp1b2xOZXNyUUsrb0kxTFd1L2F4ZXFZPSIsInNpZ25pbmdfa2V5IjoiTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFaGVZdFg5eWdoWEw5REp3Uml3ZHBITHFZVHZOTnVJdSt2dVRYRnhHd0k3ZW9kbVppamtGVVlZRldmaTJ0SFk3clJncUFYNXZrdkxmZ2dnOEdUWkRBNFE9PSJ9fSwiaW5wdXRzIjpbeyJpZCI6ImxvZ2ZpbGUtc3lzdGVtLWNmNTM1NjhhLTY5OTAtNDVlNi1iNDU1LWRkMWNiZjFmZDdlYyIsIm5hbWUiOiJzeXN0ZW0tMiIsInJldmlzaW9uIjoxLCJ0eXBlIjoibG9nZmlsZSJ9LHsiaWQiOiJqb3VybmFsZC1zeXN0ZW0tY2Y1MzU2OGEtNjk5MC00NWU2LWI0NTUtZGQxY2JmMWZkN2VjIiwibmFtZSI6InN5c3RlbS0yIiwicmV2aXNpb24iOjEsInR5cGUiOiJqb3VybmFsZCJ9LHsiaWQiOiJ3aW5sb2ctc3lzdGVtLWNmNTM1NjhhLTY5OTAtNDVlNi1iNDU1LWRkMWNiZjFmZDdlYyIsIm5hbWUiOiJzeXN0ZW0tMiIsInJldmlzaW9uIjoxLCJ0eXBlIjoid2lubG9nIn0seyJpZCI6InN5c3RlbS9tZXRyaWNzLXN5c3RlbS1jZjUzNTY4YS02OTkwLTQ1ZTYtYjQ1NS1kZDFjYmYxZmQ3ZWMiLCJuYW1lIjoic3lzdGVtLTIiLCJyZXZpc2lvbiI6MSwidHlwZSI6InN5c3RlbS9tZXRyaWNzIn0seyJpZCI6ImxvZ2ZpbGUtc3ltYW50ZWMtMmUyNjJiOGEtMWY1Ny00ODRhLWE1ODktNDlkNjE5MzM0MDU1IiwibmFtZSI6InN5bWFudGVjX2VuZHBvaW50LTEiLCJyZXZpc2lvbiI6MSwidHlwZSI6ImxvZ2ZpbGUifV19
  signature: >-
    MEUCIQDHfuNBmpH+H3p7Oxfz0/S4tYTvSTK1X5HZRwCXUCuI/QIgawcdQ3oqXm54x9aB29JTBUUQJr1IGy3LLO2DxisIubU=
secret_references: []
namespaces: []
3 
nfo","@timestamp":"2025-02-06T08:26:29.417Z","message":"Applying performance preset 'balanced': {\n  \"bulk_max_size\": 1600,\n  \"compression_level\": 1,\n  \"idle_connection_timeout\": \"3s\",\n  \"queue\": {\n    \"mem\": {\n      \"events\": 3200,\n      \"flush\": {\n        \"min_events\": 1600,\n        \"timeout\": \"10s\"\n      }\n    }\n  },\n  \"worker\": 1\n}","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"ecs.version":"1.6.0","log.logger":"elasticsearch","log.origin":{"file.line":63,"file.name":"elasticsearch/elasticsearch.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES"},"service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2025-02-06T08:26:29.417Z","message":"Performance preset 'balanced' overrides user setting for field 'bulk_max_size'","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"elasticsearch","log.origin":{"file.line":66,"file.name":"elasticsearch/elasticsearch.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.417Z","message":"elasticsearch url: https://192.168.10.81:9200","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"log.logger":"esclientleg","log.origin":{"file.line":132,"file.name":"eslegclient/connection.go","function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.419Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/application/coordinator.(*Coordinator).watchRuntimeComponents","file.name":"coordinator/coordinator.go","file.line":663},"message":"Unit state changed beat/metrics-monitoring (STARTING->HEALTHY): Healthy","log":{"source":"elastic-agent"},"component":{"id":"beat/metrics-monitoring","state":"HEALTHY"},"unit":{"id":"beat/metrics-monitoring","type":"output","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.430Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/application/coordinator.(*Coordinator).watchRuntimeComponents","file.name":"coordinator/coordinator.go","file.line":663},"message":"Unit state changed beat/metrics-monitoring-metrics-monitoring-beats (STARTING->HEALTHY): Healthy","log":{"source":"elastic-agent"},"component":{"id":"beat/metrics-monitoring","state":"HEALTHY"},"unit":{"id":"beat/metrics-monitoring-metrics-monitoring-beats","type":"input","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.689Z","message":"Applying performance preset 'balanced': {\n  \"bulk_max_size\": 1600,\n  \"compression_level\": 1,\n  \"idle_connection_timeout\": \"3s\",\n  \"queue\": {\n    \"mem\": {\n      \"events\": 3200,\n      \"flush\": {\n        \"min_events\": 1600,\n        \"timeout\": \"10s\"\n      }\n    }\n  },\n  \"worker\": 1\n}","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"log.logger":"elasticsearch","log.origin":{"file.line":63,"file.name":"elasticsearch/elasticsearch.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2025-02-06T08:26:29.689Z","message":"Performance preset 'balanced' overrides user setting for field 'bulk_max_size'","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"elasticsearch","log.origin":{"file.line":66,"file.name":"elasticsearch/elasticsearch.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.689Z","message":"elasticsearch url: https://192.168.10.81:9200","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"log.logger":"esclientleg","log.origin":{"file.line":132,"file.name":"eslegclient/connection.go","function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.690Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/application/coordinator.(*Coordinator).watchRuntimeComponents","file.name":"coordinator/coordinator.go","file.line":663},"message":"Unit state changed http/metrics-monitoring (STARTING->HEALTHY): Healthy","log":{"source":"elastic-agent"},"component":{"id":"http/metrics-monitoring","state":"HEALTHY"},"unit":{"id":"http/metrics-monitoring","type":"output","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:29.713Z","log.origin":{"function":"github.com/elastic/elastic-agent/internal/pkg/agent/application/coordinator.(*Coordinator).watchRuntimeComponents","file.name":"coordinator/coordinator.go","file.line":663},"message":"Unit state changed http/metrics-monitoring-metrics-monitoring-agent (STARTING->HEALTHY): Healthy","log":{"source":"elastic-agent"},"component":{"id":"http/metrics-monitoring","state":"HEALTHY"},"unit":{"id":"http/metrics-monitoring-metrics-monitoring-agent","type":"input","state":"HEALTHY","old_state":"STARTING"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:30.942Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.021Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.223Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.223Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_system.log","state_id":"native::11403264-143335-2767940885","finished":false,"os_id":"11403264-143335-2767940885","log.logger":"input.harvester","input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","harvester_id":"5af558fa-4f9b-4c8b-939d-471d7454a4b9","ecs.version":"1.6.0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.224Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","state_id":"native::983040-131752-2767940885","os_id":"983040-131752-2767940885","harvester_id":"8fc08c71-d796-4dee-9d23-8ea76819f9ca","ecs.version":"1.6.0","log.logger":"input.harvester","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"service.name":"filebeat","source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_proactive.log","finished":false,"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.226Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_risk.log","state_id":"native::7274496-145841-2767940885","old_source":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_risk.log","old_finished":true,"ecs.version":"1.6.0","log.logger":"input.harvester","finished":false,"old_os_id":"7274496-145841-2767940885","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"service.name":"filebeat","os_id":"7274496-145841-2767940885","harvester_id":"d22cb11c-3e0f-466e-a396-203237159bab","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.226Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","state_id":"native::3473408-145798-2767940885","old_finished":true,"log.logger":"input.harvester","finished":false,"os_id":"3473408-145798-2767940885","old_os_id":"3473408-145798-2767940885","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_scan.log","old_source":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_scan.log","harvester_id":"96c101f0-c5f9-4445-814c-b1cb8e6728da","ecs.version":"1.6.0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.227Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"service.name":"filebeat","source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_security.log","state_id":"native::3670016-145779-2767940885","finished":false,"log.logger":"input.harvester","os_id":"3670016-145779-2767940885","ecs.version":"1.6.0","harvester_id":"f54f4564-c9e6-4d5c-862f-dd6e4f688d56","input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.228Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"input.harvester","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\scm_admin.log","harvester_id":"55597374-f166-4dc3-88a5-b48c1e1ddce2","ecs.version":"1.6.0","service.name":"filebeat","input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","state_id":"native::19005440-143077-2767940885","finished":false,"os_id":"19005440-143077-2767940885","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.228Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"harvester_id":"b438e4fe-0530-45cd-a46a-660835815d96","log.logger":"input.harvester","service.name":"filebeat","input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","state_id":"native::24510464-143310-2767940885","os_id":"24510464-143310-2767940885","ecs.version":"1.6.0","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\scm_agent_act.log","finished":false,"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.229Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"service.name":"filebeat","source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\scm_system.log","old_finished":true,"log.logger":"input.harvester","input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","state_id":"native::3932160-142838-2767940885","old_source":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\scm_system.log","old_os_id":"3932160-142838-2767940885","finished":false,"os_id":"3932160-142838-2767940885","harvester_id":"d22fba4b-8c94-4a06-a1e4-d9adf9d5c8ad","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.230Z","message":"Harvester started for paths: [C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\*.log]","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"harvester_id":"b3d4eabc-c816-4a42-b0c9-0f3036fce23d","ecs.version":"1.6.0","log.origin":{"file.line":311,"file.name":"log/harvester.go","function":"github.com/elastic/beats/v7/filebeat/input/log.(*Harvester).Run"},"service.name":"filebeat","state_id":"native::12713984-145791-2767940885","os_id":"12713984-145791-2767940885","log.logger":"input.harvester","input_id":"0013ad74-1776-4017-a968-5c2d7fc2a0f0","source_file":"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\data\\dump\\agt_behavior.log","finished":false,"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.284Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.289Z","message":"Connecting to backoff(elasticsearch(https://192.168.10.81:9200))","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":138,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:31.333Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"service.name":"filebeat","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"log.logger":"esclientleg","network.transport":"tcp","server.address":"192.168.10.81:9200","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.346Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.382Z","message":"Connecting to backoff(elasticsearch(https://192.168.10.81:9200))","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":138,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:31.422Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"ecs.version":"1.6.0","log.logger":"esclientleg","service.name":"filebeat","network.transport":"tcp","server.address":"192.168.10.81:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.460Z","message":"Connecting to backoff(elasticsearch(https://192.168.10.81:9200))","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":138,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:31.519Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"server.address":"192.168.10.81:9200","network.transport":"tcp","ecs.version":"1.6.0","log.logger":"esclientleg","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:31.604Z","message":"add_cloud_metadata: hosting provider type not detected.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"ecs.version":"1.6.0","log.logger":"add_cloud_metadata","log.origin":{"file.line":100,"file.name":"add_cloud_metadata/add_cloud_metadata.go","function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1"},"service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:32.490Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:32.490Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 1 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:32.504Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"server.address":"192.168.10.81:9200","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"log.logger":"esclientleg","service.name":"filebeat","network.transport":"tcp","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:32.532Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:32.532Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 1 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:32.550Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"network.transport":"tcp","ecs.version":"1.6.0","log.logger":"esclientleg","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"service.name":"filebeat","server.address":"192.168.10.81:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:33.034Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:33.035Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 1 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:33.055Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"log.logger":"esclientleg","service.name":"filebeat","network.transport":"tcp","server.address":"192.168.10.81:9200","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:34.742Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:34.742Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 2 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:34.761Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"esclientleg","service.name":"filebeat","network.transport":"tcp","ecs.version":"1.6.0","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"server.address":"192.168.10.81:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:35.247Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:35.247Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 2 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:35.262Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"service.name":"filebeat","network.transport":"tcp","ecs.version":"1.6.0","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"log.logger":"esclientleg","server.address":"192.168.10.81:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:35.918Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:35.918Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 2 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:35.932Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"winlog-default","type":"winlog"},"log":{"source":"winlog-default"},"log.logger":"esclientleg","service.name":"filebeat","network.transport":"tcp","server.address":"192.168.10.81:9200","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:39.378Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:39.378Z","message":"Attempting to reconnect to backoff(elasticsearch(https://192.168.10.81:9200)) with 3 reconnect attempt(s)","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":140,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:39.393Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"service.name":"filebeat","network.transport":"tcp","server.address":"192.168.10.81:9200","ecs.version":"1.6.0","log.logger":"esclientleg","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:41.030Z","message":"Connecting to backoff(elasticsearch(https://192.168.10.81:9200))","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":138,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:41.082Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-default","type":"system/metrics"},"log":{"source":"system/metrics-default"},"log.logger":"esclientleg","network.transport":"tcp","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"service.name":"metricbeat","server.address":"192.168.10.81:9200","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:41.358Z","message":"Connecting to backoff(elasticsearch(https://192.168.10.81:9200))","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":138,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:41.411Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"service.name":"metricbeat","network.transport":"tcp","log.logger":"esclientleg","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"server.address":"192.168.10.81:9200","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2025-02-06T08:26:41.611Z","message":"Connecting to backoff(elasticsearch(https://192.168.10.81:9200))","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"log.origin":{"file.line":138,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"metricbeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:41.665Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"http/metrics-monitoring","type":"http/metrics"},"log":{"source":"http/metrics-monitoring"},"network.transport":"tcp","server.address":"192.168.10.81:9200","ecs.version":"1.6.0","log.logger":"esclientleg","log.origin":{"file.line":39,"file.name":"transport/logging.go","function":"github.com/elastic/elastic-agent-libs/transport/httpcommon.(*HTTPTransportSettings).RoundTripper.LoggingDialer.func2"},"service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-02-06T08:26:41.692Z","message":"Failed to connect to backoff(elasticsearch(https://192.168.10.81:9200)): Get \"https://192.168.10.81:9200\": x509: certificate signed by unknown authority","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},"log":{"source":"filestream-monitoring"},"log.origin":{"file.line":149,"file.name":"pipeline/client_worker.go","function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run"},"service.name":"filebeat","ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","ecs.version":"1.6.0"}
{
4

Your Elasticsearch cluster is using https and it is using a self-signed certificate that fleet does not recognized.

You need to add this certificate into your output configuration or disable the certificate validation with ssl.verification_mode: none, check the documentation for the ssl configurations.

The --insecure parameter has no use with Standalone agents as this is used to connect with Fleet Servers that have self-signed certificates, not Elasticsearch.

The ssl.enabled: false that you have in your output also has no use, this disables the ssl configurations on the elastic agent side, but you Elasticsearch cluster is still using ssl, you need this to be true and configure the ssl settings on the agent side.