Skip to content
This repository has been archived by the owner on Sep 17, 2024. It is now read-only.

Request 400 error during enrollment #2096

Closed
adam-stokes opened this issue Feb 3, 2022 · 22 comments
Closed

Request 400 error during enrollment #2096

adam-stokes opened this issue Feb 3, 2022 · 22 comments
Assignees
@adam-stokes
Labels
impact:critical Immediate priority; high value or cost to the product. priority:blocker Work is on-hold for a product team, business is at risk until resolution of issue size:S less than 1 day Team:Automation Label for the Observability productivity team triaged Triaged issues will end up in Backlog column in Robots GH Project

Comments

@adam-stokes
Copy link
Contributor

First 2 successful enrollment occurs, however, once a third and remaining enrollment happens, a client side 400 error is thrown:

[2022-02-03T10:43:54.826Z] �[37mDEBU�[0m[2022-02-03T10:43:54Z] Fleet Server config created                   �[37melasticsearch�[0m=3.144.155.153 �[37melasticsearchPort�[0m=9200 �[37mtoken�[0m="RUVjc3YzNEJacGx2NEV5cHN4eS06X0oxWTRVanhTWm1WZVo5czlvLVF6UQ=="
[2022-02-03T10:43:54.826Z] �[37mTRAC�[0m[2022-02-03T10:43:54Z] Executing command                             �[37margs�[0m="[install -e -v --force --insecure --enrollment-token=RUVjc3YzNEJacGx2NEV5cHN4eS06X0oxWTRVanhTWm1WZVo5czlvLVF6UQ== --url http://3.144.155.153:8220]" �[37mcommand�[0m=./elastic-agent/elastic-agent �[37menv�[0m="map[]"
[2022-02-03T10:45:31.540Z] �[31mERRO�[0m[2022-02-03T10:45:28Z] Error executing command                       �[31margs�[0m="[install -e -v --force --insecure --enrollment-token=RUVjc3YzNEJacGx2NEV5cHN4eS06X0oxWTRVanhTWm1WZVo5czlvLVF6UQ== --url http://3.144.155.153:8220]" �[31mbaseDir�[0m=. �[31mcommand�[0m=./elastic-agent/elastic-agent �[31menv�[0m="map[]" �[31merror�[0m="exit status 1" �[31mstderr�[0m="{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:25.026Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /home/centos/e2e-testing/e2e/_suites/fleet/elastic-agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}\n{\"log.level\":\"warn\",\"@timestamp\":\"2022-02-03T10:45:26.908Z\",\"log.logger\":\"tls\",\"log.origin\":{\"file.name\":\"tlscommon/tls_config.go\",\"file.line\":105},\"message\":\"SSL/TLS verifications disabled.\",\"ecs.version\":\"1.6.0\"}\n{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.285Z\",\"log.origin\":{\"file.name\":\"cmd/enroll_cmd.go\",\"file.line\":455},\"message\":\"Starting enrollment to URL: http://3.144.155.153:8220/\",\"ecs.version\":\"1.6.0\"}\nError: fail to enroll: fail to execute request to fleet-server: status code: 400, fleet-server returned an error: BadRequest\nFor help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.1/fleet-troubleshooting.html\n{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.947Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /home/centos/e2e-testing/e2e/_suites/fleet/elastic-agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}\n{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:28.299Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /home/centos/e2e-testing/e2e/_suites/fleet/elastic-agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}\nError: enroll command failed with exit code: 1\nFor help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.1/fleet-troubleshooting.html\n"
@adam-stokes adam-stokes self-assigned this Feb 3, 2022
@adam-stokes adam-stokes added impact:critical Immediate priority; high value or cost to the product. priority:blocker Work is on-hold for a product team, business is at risk until resolution of issue size:S less than 1 day Team:Automation Label for the Observability productivity team triaged Triaged issues will end up in Backlog column in Robots GH Project labels Feb 3, 2022
@mdelapenya
Copy link
Contributor

Adding the logs of the elastic-agent right after the install command failed because of a 400 error during enrollment

[2022-02-03T10:46:03.286Z] TRAC[2022-02-03T10:46:03Z] Executing command                             args="[install -e -v --force --insecure --enrollment-token=cmtjd3YzNEJacGx2NEV5cDUwMUU6dzhxNi1xYzNRS2FCUTlrdmx2UEFsZw== --url http://3.144.155.153:8220]" command=./elastic-agent/elastic-agent env="map[]"
[2022-02-03T10:46:08.599Z] ERRO[2022-02-03T10:46:07Z] Error executing command                       args="[install -e -v --force --insecure --enrollment-token=cmtjd3YzNEJacGx2NEV5cDUwMUU6dzhxNi1xYzNRS2FCUTlrdmx2UEFsZw== --url http://3.144.155.153:8220]" baseDir=. command=./elastic-agent/elastic-agent env="map[]" error="exit status 1" stderr="{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:03.345Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /home/centos/e2e-testing/e2e/_suites/fleet/elastic-agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}\n{\"log.level\":\"warn\",\"@timestamp\":\"2022-02-03T10:46:05.130Z\",\"log.logger\":\"tls\",\"log.origin\":{\"file.name\":\"tlscommon/tls_config.go\",\"file.line\":105},\"message\":\"SSL/TLS verifications disabled.\",\"ecs.version\":\"1.6.0\"}\n{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.469Z\",\"log.origin\":{\"file.name\":\"cmd/enroll_cmd.go\",\"file.line\":455},\"message\":\"Starting enrollment to URL: : fail to enroll: fail to execute request to fleet-server: status code: 400, fleet-server returned an error: BadRequest\nFor help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.1/fleet-troubleshooting.html\n{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:07.225Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /home/centos/e2e-testing/e2e/_suites/fleet/elastic-agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}\n{\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:07.576Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /home/centos/e2e-testing/e2e/_suites/fleet/elastic-agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}\nError: enroll command failed with exit code: 1\nFor help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.1/fleet-troubleshooting.html\n"
[2022-02-03T10:46:08.599Z] TRAC[2022-02-03T10:46:07Z] After Fleet scenario                         
[2022-02-03T10:46:08.599Z] TRAC[2022-02-03T10:46:07Z] Attaching service for configuration           installType=tar service="{elastic-agent []  false 1 []}"
[2022-02-03T10:46:08.600Z] TRAC[2022-02-03T10:46:07Z] Executing command                             args="[-m -u elastic-agent]" command=journalctl env="map[]"
[2022-02-03T10:46:08.603Z] TRAC[2022-02-03T10:46:07Z] Output                                        output="-- Logs begin at Thu 2022-02-03 10:35:23 UTC, end at Thu 2022-02-03 10:46:06 UTC. --
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.485Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.485Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.485Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.700Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.700Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.700Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.701Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.701Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.957Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:49 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:49.957Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:50 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:50.554Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:52 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:52.426Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":101},\"message\":\"No configuration change\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:52 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[42929]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:39:52.426Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:39:56 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:39:56 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:39:56 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.644Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.644Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.644Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.922Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.922Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.922Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.923Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:10 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:10.923Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:11.174Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:11.174Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:11.211Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43157]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:11.211Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:11 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:15 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:40:15 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:40:15 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.663Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.663Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.663Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.821Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.821Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.821Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.822Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:31.822Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:32 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:32.073Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:32 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:32.073Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:33 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:33.282Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:33 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:33.523Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":101},\"message\":\"No configuration change\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:33 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43386]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:33.523Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:34 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:40:34 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:40:34 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.678Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.678Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.678Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.990Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.990Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.990Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.990Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:54 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:54.990Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:55 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:55.248Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:55 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:55.248Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:55 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:55.354Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:55 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43610]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:55.354Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:56 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:40:56 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:40:56 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.517Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.517Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.517Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.833Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.833Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.833Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.834Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:58 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:58.834Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:59 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:59.080Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:59 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:59.080Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:40:59 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:40:59.309Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:00 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:00.391Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":101},\"message\":\"No configuration change\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:00 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[43811]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:00.391Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:05 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:41:05 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:41:05 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:41:30 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:41:30 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:30.710Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:30 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:30.710Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:30 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:30.710Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.008Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.008Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.008Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.009Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.009Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.257Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.257Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:31 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:31.460Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:32 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:32.567Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":101},\"message\":\"No configuration change\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:41:32 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44042]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:41:32.567Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:43:54 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:45:24 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: State 'stop-sigterm' timed out. Killing.
Feb 03 10:45:24 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Killing process 44042 (elastic-agent) with signal SIGKILL.
Feb 03 10:45:24 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Killing process 44223 (metricbeat) with signal SIGKILL.
Feb 03 10:45:24 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Main process exited, code=killed, status=9/KILL
Feb 03 10:45:24 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Failed with result 'timeout'.
Feb 03 10:45:24 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:45:26 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.013Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.013Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.013Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.266Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.266Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.266Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.267Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.267Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.517Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.517Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.653Z\",\"log.origin\":{\"file.name\":\"cmd/run.go\",\"file.line\":185},\"message\":\"Shutting down Elastic Agent and sending last events...\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.653Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.653Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.653Z\",\"log.origin\":{\"file.name\":\"cmd/run.go\",\"file.line\":193},\"message\":\"Shutting down completed.\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44369]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:45:27.653Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":66},\"message\":\"Stats endpoint (/opt/Elastic/Agent/data/tmp/elastic-agent.sock) finished: accept unix /opt/Elastic/Agent/data/tmp/elastic-agent.sock: use of closed network connection\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:45:27 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Started Elastic Agent is a unified agent to observe, monitor and protect your system..
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.235Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":68},\"message\":\"Detecting execution mode\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.235Z\",\"log.origin\":{\"file.name\":\"application/application.go\",\"file.line\":76},\"message\":\"Agent is managed locally\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.235Z\",\"log.origin\":{\"file.name\":\"capabilities/capabilities.go\",\"file.line\":59},\"message\":\"capabilities file not found in /opt/Elastic/Agent/capabilities.yml\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.383Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":62},\"message\":\"Starting stats endpoint\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.383Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":168},\"message\":\"Agent is starting\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.383Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":64},\"message\":\"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/elastic-agent.sock (configured: unix:///opt/Elastic/Agent/data/tmp/elastic-agent.sock)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.384Z\",\"log.origin\":{\"file.name\":\"application/local_mode.go\",\"file.line\":178},\"message\":\"Agent is stopped\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.384Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":79},\"message\":\"Configuration changes detected\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.632Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":48},\"message\":\"New State ID is 9UWEIKAJ\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.632Z\",\"log.origin\":{\"file.name\":\"stateresolver/stateresolver.go\",\"file.line\":49},\"message\":\"Converging state requires execution of 2 step(s)\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.837Z\",\"log.origin\":{\"file.name\":\"cmd/run.go\",\"file.line\":185},\"message\":\"Shutting down Elastic Agent and sending last events...\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:05.837Z\",\"log.origin\":{\"file.name\":\"operation/operator.go\",\"file.line\":216},\"message\":\"waiting for installer of pipeline 'default' to finish\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:05 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopping Elastic Agent is a unified agent to observe, monitor and protect your system....
Feb 03 10:46:06 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:06.923Z\",\"log.origin\":{\"file.name\":\"application/periodic.go\",\"file.line\":101},\"message\":\"No configuration change\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:06 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:06.923Z\",\"log.origin\":{\"file.name\":\"process/app.go\",\"file.line\":176},\"message\":\"Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:06 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:06.923Z\",\"log.origin\":{\"file.name\":\"cmd/run.go\",\"file.line\":193},\"message\":\"Shutting down completed.\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:06 ip-172-31-33-67.us-east-2.compute.internal elastic-agent[44558]: {\"log.level\":\"info\",\"@timestamp\":\"2022-02-03T10:46:06.923Z\",\"log.logger\":\"api\",\"log.origin\":{\"file.name\":\"api/server.go\",\"file.line\":66},\"message\":\"Stats endpoint (/opt/Elastic/Agent/data/tmp/elastic-agent.sock) finished: accept unix /opt/Elastic/Agent/data/tmp/elastic-agent.sock: use of closed network connection\",\"ecs.version\":\"1.6.0\"}
Feb 03 10:46:06 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: elastic-agent.service: Succeeded.
Feb 03 10:46:06 ip-172-31-33-67.us-east-2.compute.internal systemd[1]: Stopped Elastic Agent is a unified agent to observe, monitor and protect your system.."

@jlind23
Copy link
Contributor

jlind23 commented Feb 4, 2022

@mdelapenya @adam-stokes could you also provide metricbeat logs as i can found this:

Signaling application to stop because of shutdown: metricbeat--8.1.0-SNAPSHOT

@mdelapenya
Copy link
Contributor

I've ssh'ed into the stack machine and checked fleet-server logs:

Performing setup of Fleet in Kibana

{"log.level":"info","@timestamp":"2022-02-04T10:43:15.422Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":572},"message":"Spawning Elastic Agent daemon as a subprocess to complete bootstrap process.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:15.567Z","log.origin":{"file.name":"application/application.go","file.line":68},"message":"Detecting execution mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:15.568Z","log.origin":{"file.name":"application/application.go","file.line":88},"message":"Agent is in Fleet Server bootstrap mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:15.864Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:15.864Z","log.origin":{"file.name":"application/fleet_server_bootstrap.go","file.line":130},"message":"Agent is starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:15.865Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: /usr/share/elastic-agent/state/data/tmp/elastic-agent.sock (configured: unix:///usr/share/elastic-agent/state/data/tmp/elastic-agent.sock)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:15.865Z","log.origin":{"file.name":"application/fleet_server_bootstrap.go","file.line":140},"message":"Agent is stopped","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:16.124Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is H8BIrQ09","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:16.124Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 1 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:17.076Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:17Z - message: Application: fleet-server--8.1.0-SNAPSHOT[]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:17.076Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:18.426Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":777},"message":"Fleet Server - Starting","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T10:43:18.602Z","log.origin":{"file.name":"status/reporter.go","file.line":236},"message":"Elastic Agent status changed to: 'degraded'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:18.602Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:18Z - message: Application: fleet-server--8.1.0-SNAPSHOT[]: State changed to DEGRADED: Running on default policy with Fleet Server integration; missing config fleet.agent.id (expected during bootstrap process) - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:22.429Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":758},"message":"Fleet Server - Running on default policy with Fleet Server integration; missing config fleet.agent.id (expected during bootstrap process)","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T10:43:22.429Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":105},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:23.224Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":455},"message":"Starting enrollment to URL: http://0.0.0.0:8220/","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:23.865Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":259},"message":"Elastic Agent has been enrolled; start Elastic Agent","ecs.version":"1.6.0"}
Successfully enrolled the Elastic Agent.
{"log.level":"info","@timestamp":"2022-02-04T10:43:23.865Z","log.origin":{"file.name":"cmd/run.go","file.line":185},"message":"Shutting down Elastic Agent and sending last events...","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:23.865Z","log.origin":{"file.name":"operation/operator.go","file.line":216},"message":"waiting for installer of pipeline 'default' to finish","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:23.865Z","log.origin":{"file.name":"process/app.go","file.line":176},"message":"Signaling application to stop because of shutdown: fleet-server--8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.366Z","log.origin":{"file.name":"status/reporter.go","file.line":236},"message":"Elastic Agent status changed to: 'online'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.366Z","log.origin":{"file.name":"cmd/run.go","file.line":193},"message":"Shutting down completed.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.366Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:25Z - message: Application: fleet-server--8.1.0-SNAPSHOT[]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.366Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":66},"message":"Stats endpoint (/usr/share/elastic-agent/state/data/tmp/elastic-agent.sock) finished: accept unix /usr/share/elastic-agent/state/data/tmp/elastic-agent.sock: use of closed network connection","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.473Z","log.origin":{"file.name":"application/application.go","file.line":68},"message":"Detecting execution mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.474Z","log.origin":{"file.name":"application/application.go","file.line":92},"message":"Agent is managed by Fleet","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.474Z","log.origin":{"file.name":"capabilities/capabilities.go","file.line":59},"message":"capabilities file not found in /usr/share/elastic-agent/state/capabilities.yml","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T10:43:25.474Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":105},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.933Z","log.logger":"composable.providers.docker","log.origin":{"file.name":"docker/docker.go","file.line":43},"message":"Docker provider skipped, unable to connect: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.934Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.935Z","log.origin":{"file.name":"application/managed_mode.go","file.line":290},"message":"Agent is starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:25.935Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: /usr/share/elastic-agent/state/data/tmp/elastic-agent.sock (configured: unix:///usr/share/elastic-agent/state/data/tmp/elastic-agent.sock)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:26.286Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is mEafTX5l","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:26.286Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 2 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:26.318Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for fleet-server.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:26.502Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:26Z - message: Application: fleet-server--8.1.0-SNAPSHOT[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:27.527Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:27Z - message: Application: fleet-server--8.1.0-SNAPSHOT[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to RUNNING: Running on default policy with Fleet Server integration - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:33.370Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:33Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:37.475Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:37Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:40.081Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:40Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:40.082Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.466Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is ajv_j7J8","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.467Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 2 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.499Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for fleet-server.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.499Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for fleet-server.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.546Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:43Z - message: Application: fleet-server--8.1.0-SNAPSHOT[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to CONFIG: Re-configuring - type: 'STATE' - sub_type: 'CONFIG'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.630Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for filebeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.630Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for filebeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:43.631Z","log.origin":{"file.name":"process/configure.go","file.line":50},"message":"initiating restart of 'filebeat_monitoring' due to config change","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:44.237Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:44Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:44.272Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:44Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:44.537Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:44Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:44.704Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for metricbeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:44.704Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for metricbeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:44.705Z","log.origin":{"file.name":"process/configure.go","file.line":50},"message":"initiating restart of 'metricbeat_monitoring' due to config change","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:45.211Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:45Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:45.404Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:45Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:45.404Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:48.642Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:48Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T10:43:49.541Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T10:43:49Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[e79dd553-fc52-4e67-9a74-a249951fa4ff]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:03:09.437Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:04:24.106Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:07:51.836Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:14:53.230Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:21:50.641Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:36.271Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}

where the only error I can check is:

{"log.level":"error","@timestamp":"2022-02-04T11:03:09.437Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}

@mdelapenya
Copy link
Contributor

mdelapenya commented Feb 4, 2022
edited
Loading

@jlind23 here you have the metricbeat log in the agent VM (CentOS 8):

{"log.level":"info","@timestamp":"2022-02-04T11:31:13.307Z","log.origin":{"file.name":"instance/beat.go","file.line":678},"message":"Beat ID: cef959be-e1fc-4c68-9295-0cb641c75b61","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.307Z","log.origin":{"file.name":"instance/beat.go","file.line":695},"message":"Set gc percentage to: 100","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.310Z","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":105},"message":"add_cloud_metadata: hosting provider type detected as aws, metadata={\"cloud\":{\"account\":{\"id\":\"627286350134\"},\"availability_zone\":\"us-east-2c\",\"image\":{\"id\":\"ami-045b0a05944af45c1\"},\"instance\":{\"id\":\"i-0b6a40c7b61469e32\"},\"machine\":{\"type\":\"c5.4xlarge\"},\"provider\":\"aws\",\"region\":\"us-east-2\",\"service\":{\"name\":\"EC2\"}}}","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.317Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.317Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: /opt/Elastic/Agent/data/tmp/default/metricbeat/metricbeat.sock (configured: unix:///opt/Elastic/Agent/data/tmp/default/metricbeat/metricbeat.sock)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.317Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.317Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1048},"message":"Beat info","service.name":"metricbeat","system_info":{"beat":{"path":{"config":"/opt/Elastic/Agent/data/elastic-agent-82fcf6/install/metricbeat-8.1.0-SNAPSHOT-linux-x86_64","data":"/opt/Elastic/Agent/data/elastic-agent-82fcf6/run/default/metricbeat--8.1.0-SNAPSHOT","home":"/opt/Elastic/Agent/data/elastic-agent-82fcf6/install/metricbeat-8.1.0-SNAPSHOT-linux-x86_64","logs":"/opt/Elastic/Agent/data/elastic-agent-82fcf6/install/metricbeat-8.1.0-SNAPSHOT-linux-x86_64/logs"},"type":"metricbeat","uuid":"cef959be-e1fc-4c68-9295-0cb641c75b61"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.317Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1057},"message":"Build info","service.name":"metricbeat","system_info":{"build":{"commit":"82fcf6632309dadc7a2b52119faa1270339e8774","libbeat":"8.1.0","time":"2022-01-20T13:47:45.000Z","version":"8.1.0"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.317Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1060},"message":"Go runtime info","service.name":"metricbeat","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":16,"version":"go1.17.5"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.318Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1064},"message":"Host info","service.name":"metricbeat","system_info":{"host":{"architecture":"x86_64","boot_time":"2022-02-04T10:54:47Z","containerized":false,"name":"ip-172-31-45-64.us-east-2.compute.internal","ip":["127.0.0.1/8","::1/128","172.31.45.64/20","fe80::82b:53ff:fec7:f47e/64","172.17.0.1/16"],"kernel_version":"4.18.0-305.3.1.el8.x86_64","mac":["0a:2b:53:c7:f4:7e","02:42:25:18:0d:c8"],"os":{"type":"linux","family":"redhat","platform":"centos","name":"CentOS Stream","version":"8","major":8,"minor":0,"patch":0},"timezone":"UTC","timezone_offset_sec":0,"id":"ec201538900bc6db2ba5c14c5fc991a3"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.318Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1093},"message":"Process info","service.name":"metricbeat","system_info":{"process":{"capabilities":{"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39"],"ambient":null},"cwd":"/opt/Elastic/Agent/data/elastic-agent-82fcf6/install/metricbeat-8.1.0-SNAPSHOT-linux-x86_64","exe":"/opt/Elastic/Agent/data/elastic-agent-82fcf6/install/metricbeat-8.1.0-SNAPSHOT-linux-x86_64/metricbeat","name":"metricbeat","pid":45238,"ppid":45197,"seccomp":{"mode":"filter","no_new_privs":true},"start_time":"2022-02-04T11:31:12.590Z"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.318Z","log.origin":{"file.name":"instance/beat.go","file.line":323},"message":"Setup Beat: metricbeat; Version: 8.1.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.319Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":102},"message":"elasticsearch url: http://localhost:9200","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.319Z","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: ip-172-31-45-64.us-east-2.compute.internal","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.334Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":142},"message":"Starting metrics logging every 30s","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.334Z","log.origin":{"file.name":"instance/beat.go","file.line":489},"message":"metricbeat start running.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T11:31:13.334Z","log.logger":"cfgwarn","log.origin":{"file.name":"management/manager.go","file.line":108},"message":"BETA: Fleet management is enabled","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.334Z","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":109},"message":"Starting fleet management service","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.841Z","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":150},"message":"Status change to Configuring: Updating configuration","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.842Z","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":271},"message":"Applying settings for metricbeat.modules","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.842Z","log.origin":{"file.name":"sysinit/init.go","file.line":53},"message":"initializing HostFS values under agent: /","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.842Z","log.origin":{"file.name":"sysinit/init.go","file.line":53},"message":"initializing HostFS values under agent: /","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.843Z","log.origin":{"file.name":"sysinit/init.go","file.line":53},"message":"initializing HostFS values under agent: /","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.843Z","log.origin":{"file.name":"sysinit/init.go","file.line":53},"message":"initializing HostFS values under agent: /","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.843Z","log.origin":{"file.name":"filesystem/filesystem.go","file.line":59},"message":"Ignoring filesystem types: sysfs, tmpfs, bdev, proc, cgroup, cgroup2, cpuset, devtmpfs, configfs, debugfs, tracefs, securityfs, sockfs, bpf, pipefs, ramfs, hugetlbfs, devpts, autofs, pstore, mqueue, selinuxfs, rpc_pipefs, fuse, fusectl, overlay","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.843Z","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":271},"message":"Applying settings for output","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:13.843Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":102},"message":"elasticsearch url: http://127.0.0.1:9200","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:14.844Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":139},"message":"Connecting to backoff(elasticsearch(http://127.0.0.1:9200))","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:14.844Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:16.409Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:16.409Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 1 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:16.409Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:19.989Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:19.989Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 2 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:19.989Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:27.665Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:27.665Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 3 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:27.666Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:39.028Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:39.028Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 4 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:31:39.028Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:31:43.337Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpu":{"cfs":{"period":{"us":100000}},"id":"elastic-agent.service"},"cpuacct":{"id":"elastic-agent.service","total":{"ns":4699169308}},"memory":{"id":"elastic-agent.service","mem":{"limit":{"bytes":9223372036854771712},"usage":{"bytes":575459328}}}},"cpu":{"system":{"ticks":60,"time":{"ms":68}},"total":{"ticks":200,"time":{"ms":217},"value":200},"user":{"ticks":140,"time":{"ms":149}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":18},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":30086},"version":"8.1.0"},"memstats":{"gc_next":19340320,"memory_alloc":17738296,"memory_sys":36258824,"memory_total":41293144,"rss":168759296},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4,"starts":4}},"output":{"events":{"active":0},"type":"elasticsearch"},"pipeline":{"clients":4,"events":{"active":20,"published":20,"retry":24,"total":20},"queue":{"max_events":4096}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":11,"success":11}}},"system":{"cpu":{"cores":16},"load":{"1":0.09,"15":0.06,"5":0.03,"norm":{"1":0.0056,"15":0.0038,"5":0.0019}}}},"ecs.version":"1.6.0"}}
{"log.level":"error","@timestamp":"2022-02-04T11:32:05.930Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:32:05.930Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 5 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:32:05.930Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:32:13.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":105985249}},"memory":{"mem":{"usage":{"bytes":1343488}}}},"cpu":{"system":{"ticks":80,"time":{"ms":16}},"total":{"ticks":250,"time":{"ms":45},"value":250},"user":{"ticks":170,"time":{"ms":29}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":60086},"version":"8.1.0"},"memstats":{"gc_next":21457760,"memory_alloc":14544112,"memory_sys":4194304,"memory_total":45716392,"rss":170946560},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":41,"published":21,"retry":6,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0.05,"15":0.06,"5":0.03,"norm":{"1":0.0031,"15":0.0038,"5":0.0019}}}},"ecs.version":"1.6.0"}}
{"log.level":"error","@timestamp":"2022-02-04T11:32:36.986Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:32:36.986Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 6 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:32:36.987Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:32:43.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":83015066}},"memory":{"mem":{"usage":{"bytes":389120}}}},"cpu":{"system":{"ticks":90,"time":{"ms":14}},"total":{"ticks":280,"time":{"ms":30},"value":280},"user":{"ticks":190,"time":{"ms":16}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":90086},"version":"8.1.0"},"memstats":{"gc_next":21457760,"memory_alloc":18548352,"memory_total":49720632,"rss":170946560},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":62,"published":21,"retry":6,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0.03,"15":0.06,"5":0.02,"norm":{"1":0.0019,"15":0.0038,"5":0.0013}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:33:13.337Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":92792264}},"memory":{"mem":{"usage":{"bytes":2899968}}}},"cpu":{"system":{"ticks":110,"time":{"ms":18}},"total":{"ticks":320,"time":{"ms":43},"value":320},"user":{"ticks":210,"time":{"ms":25}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":120086},"version":"8.1.0"},"memstats":{"gc_next":22274912,"memory_alloc":13841392,"memory_total":54120240,"rss":173625344},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":83,"published":21,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0.02,"15":0.05,"5":0.02,"norm":{"1":0.0013,"15":0.0031,"5":0.0013}}}},"ecs.version":"1.6.0"}}
{"log.level":"error","@timestamp":"2022-02-04T11:33:33.680Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150}debug2: channel 0: window 996248 sent adjust 52328
,"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:33:33.680Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 7 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:33:33.680Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:33:43.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":124200142}},"memory":{"mem":{"usage":{"bytes":-32768}}}},"cpu":{"system":{"ticks":120,"time":{"ms":11}},"total":{"ticks":360,"time":{"ms":32},"value":360},"user":{"ticks":240,"time":{"ms":21}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":150087},"version":"8.1.0"},"memstats":{"gc_next":22274912,"memory_alloc":18364800,"memory_total":58643648,"rss":173948928},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":104,"published":21,"retry":6,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0.01,"15":0.05,"5":0.02,"norm":{"1":0.0006,"15":0.0031,"5":0.0013}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:34:13.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":93486183}},"memory":{"mem":{"usage":{"bytes":671744}}}},"cpu":{"system":{"ticks":140,"time":{"ms":16}},"total":{"ticks":400,"time":{"ms":44},"value":400},"user":{"ticks":260,"time":{"ms":28}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":180085},"version":"8.1.0"},"memstats":{"gc_next":23201504,"memory_alloc":12950840,"memory_total":62649024,"rss":173948928},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":125,"published":21,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0031,"5":0.0006}}}},"ecs.version":"1.6.0"}}
{"log.level":"error","@timestamp":"2022-02-04T11:34:27.224Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:34:27.224Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 8 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:34:27.224Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:34:43.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":85302077}},"memory":{"mem":{"usage":{"bytes":163840}}}},"cpu":{"system":{"ticks":150,"time":{"ms":16}},"total":{"ticks":430,"time":{"ms":32},"value":430},"user":{"ticks":280,"time":{"ms":16}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":210086},"version":"8.1.0"},"memstats":{"gc_next":23201504,"memory_alloc":17544824,"memory_total":67243008,"rss":175038464},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":146,"published":21,"retry":6,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0031,"5":0.0006}}}},"ecs.version":"1.6.0"}}
{"log.level":"error","@timestamp":"2022-02-04T11:34:57.227Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:34:57.227Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 9 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:34:57.228Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:35:13.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":96717634}},"memory":{"mem":{"usage":{"bytes":-1142784}}}},"cpu":{"system":{"ticks":170,"time":{"ms":14}},"total":{"ticks":470,"time":{"ms":32},"value":470},"user":{"ticks":300,"time":{"ms":18}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":240085},"version":"8.1.0"},"memstats":{"gc_next":23201504,"memory_alloc":21462416,"memory_total":71160600,"rss":175038464},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":167,"published":21,"retry":6,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0,"15":0.04,"5":0.01,"norm":{"1":0,"15":0.0025,"5":0.0006}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-02-04T11:35:43.336Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":184},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":132439966}},"memory":{"mem":{"usage":{"bytes":3121152}}}},"cpu":{"system":{"ticks":180,"time":{"ms":16}},"total":{"ticks":510,"time":{"ms":45},"value":510},"user":{"ticks":330,"time":{"ms":29}}},"handles":{"limit":{"hard":262144,"soft":1024},"open":17},"info":{"ephemeral_id":"3fea947f-3cf2-4071-aae4-f53f99b8727b","uptime":{"ms":270086},"version":"8.1.0"},"memstats":{"gc_next":24040016,"memory_alloc":15908920,"memory_sys":4194304,"memory_total":75634992,"rss":177135616},"runtime":{"goroutines":70}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"active":0}},"pipeline":{"clients":4,"events":{"active":188,"published":21,"total":21}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":12,"success":12}}},"system":{"load":{"1":0,"15":0.04,"5":0,"norm":{"1":0,"15":0.0025,"5":0}}}},"ecs.version":"1.6.0"}}
{"log.level":"error","@timestamp":"2022-02-04T11:35:57.208Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(http://127.0.0.1:9200)): Get \"http://127.0.0.1:9200\": dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T11:35:57.208Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(http://127.0.0.1:9200)) with 10 reconnect attempt(s)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T11:35:57.208Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}

I can see this:

{"log.level":"error","@timestamp":"2022-02-04T11:35:57.208Z","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing dial tcp 127.0.0.1:9200: connect: connection refused","service.name":"metricbeat","network":"tcp","address":"127.0.0.1:9200","ecs.version":"1.6.0"}

which points to metricbeat not receiving the right elasticsearch host configuration. But I've have expected to see all data sent through the fleet-server instead. Am I right?

@mdelapenya
Copy link
Contributor

One thing that I see browsing Fleet's UI is that fleet-server is offline:

Screenshot 2022-02-04 at 13 52 33

Even though the log of fleet-server says agent enrolled (see #2096 (comment)):

{"log.level":"info","@timestamp":"2022-02-04T10:43:23.865Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":259},"message":"Elastic Agent has been enrolled; start Elastic Agent","ecs.version":"1.6.0"}
Successfully enrolled the Elastic Agent.

the fleet-server finally fails with a 400 error:

{"log.level":"error","@timestamp":"2022-02-04T11:03:09.437Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}

I'm going to bootstrap the fleet-server manually

@jlind23
Copy link
Contributor

jlind23 commented Feb 4, 2022

@adam-stokes said that it is failing one time out of three. Is there any thing different used on your end?

@mdelapenya
Copy link
Contributor

I've just verified that the fleet-server container needs the FLEET_SERVER_POLICY_ID env var to be set with the default policy for fleet-server.

I manually was able to see the fleet-server as enrolled after manually running:

docker run -d \
    -e "ELASTICSEARCH_USERNAME=admin" \
    -e "ELASTICSEARCH_PASSWORD=changeme" \
    -e "FLEET_SERVER_ENABLE=1" \
    -e "FLEET_SERVER_HOST=0.0.0.0" \
    -e "FLEET_SERVER_INSECURE_HTTP=1" \
    -e "FLEET_SERVER_PORT=8220" \
    -e "FLEET_SERVER_POLICY_ID=499b5aa7-d214-5b5d-838b-3cd76469844e" \
    -e "FLEET_SERVER_SERVICE_TOKEN=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NDM5NzkzNzk5NDU6WVdLYkc3bzdUTS1aZWNfV2hfVEh1Zw" \
    -e "FLEET_ENROLL=1" \
    -e "FLEET_ENROLLMENT_TOKEN=" \
    -e "FLEET_INSECURE=1" \
    -e "FLEET_URL=" \
    -e "KIBANA_FLEET_HOST=http://18.216.107.149:5601" \
    -e "KIBANA_FLEET_SETUP=1" \
    --network fleet_default \
    --name fleet_fleet-server_1 \
    docker.elastic.co/beats/elastic-agent:8.1.0-aa69d697-SNAPSHOT

I've submitted this commit to pass the policy to the fleet-server: be2e305

@mdelapenya
Copy link
Contributor

mdelapenya commented Feb 4, 2022
edited
Loading

BTW, the variable is a little bit hidden into the agent command: https://github.com/elastic/beats/blob/237937085a5a7337ba06f1268cfc55cd4b869e31/x-pack/elastic-agent/pkg/agent/cmd/container.go#L98

I miss having docs about the env vars. I had to translate the inline help command in this screen to the above env vars:
Screenshot 2022-02-04 at 14 18 52

@mdelapenya
Copy link
Contributor

With this commit (be2e305) I'm seeing fleet-server online!

Screenshot 2022-02-04 at 14 29 17

@mdelapenya
Copy link
Contributor

mdelapenya commented Feb 4, 2022
edited
Loading

Oh no! Fleet-server moved to offline after a while!

Screenshot 2022-02-04 at 14 54 30

Logs

Performing setup of Fleet in Kibana

Policy selected for enrollment:  499b5aa7-d214-5b5d-838b-3cd76469844e
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.245Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":572},"message":"Spawning Elastic Agent daemon as a subprocess to complete bootstrap process.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.384Z","log.origin":{"file.name":"application/application.go","file.line":68},"message":"Detecting execution mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.385Z","log.origin":{"file.name":"application/application.go","file.line":88},"message":"Agent is in Fleet Server bootstrap mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.654Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.654Z","log.origin":{"file.name":"application/fleet_server_bootstrap.go","file.line":130},"message":"Agent is starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.655Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: /usr/share/elastic-agent/state/data/tmp/elastic-agent.sock (configured: unix:///usr/share/elastic-agent/state/data/tmp/elastic-agent.sock)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.655Z","log.origin":{"file.name":"application/fleet_server_bootstrap.go","file.line":140},"message":"Agent is stopped","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.918Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is lbtNmnUu","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:20.918Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 1 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:21.963Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:21Z - message: Application: fleet-server--8.1.0-SNAPSHOT[]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:21.964Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:23.327Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":777},"message":"Fleet Server - Starting","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T13:28:23.487Z","log.origin":{"file.name":"status/reporter.go","file.line":236},"message":"Elastic Agent status changed to: 'degraded'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:23.487Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:23Z - message: Application: fleet-server--8.1.0-SNAPSHOT[]: State changed to DEGRADED: Running on policy with Fleet Server integration: 499b5aa7-d214-5b5d-838b-3cd76469844e; missing config fleet.agent.id (expected during bootstrap process) - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:27.330Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":758},"message":"Fleet Server - Running on policy with Fleet Server integration: 499b5aa7-d214-5b5d-838b-3cd76469844e; missing config fleet.agent.id (expected during bootstrap process)","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T13:28:27.330Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":105},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:27.598Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":455},"message":"Starting enrollment to URL: http://0.0.0.0:8220/","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:28.444Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":259},"message":"Elastic Agent has been enrolled; start Elastic Agent","ecs.version":"1.6.0"}
Successfully enrolled the Elastic Agent.
{"log.level":"info","@timestamp":"2022-02-04T13:28:28.444Z","log.origin":{"file.name":"cmd/run.go","file.line":185},"message":"Shutting down Elastic Agent and sending last events...","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:28.444Z","log.origin":{"file.name":"operation/operator.go","file.line":216},"message":"waiting for installer of pipeline 'default' to finish","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:28.444Z","log.origin":{"file.name":"process/app.go","file.line":176},"message":"Signaling application to stop because of shutdown: fleet-server--8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:29.944Z","log.origin":{"file.name":"status/reporter.go","file.line":236},"message":"Elastic Agent status changed to: 'online'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:29.945Z","log.origin":{"file.name":"cmd/run.go","file.line":193},"message":"Shutting down completed.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:29.945Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:29Z - message: Application: fleet-server--8.1.0-SNAPSHOT[]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:29.945Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":66},"message":"Stats endpoint (/usr/share/elastic-agent/state/data/tmp/elastic-agent.sock) finished: accept unix /usr/share/elastic-agent/state/data/tmp/elastic-agent.sock: use of closed network connection","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.051Z","log.origin":{"file.name":"application/application.go","file.line":68},"message":"Detecting execution mode","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.052Z","log.origin":{"file.name":"application/application.go","file.line":92},"message":"Agent is managed by Fleet","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.052Z","log.origin":{"file.name":"capabilities/capabilities.go","file.line":59},"message":"capabilities file not found in /usr/share/elastic-agent/state/capabilities.yml","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-02-04T13:28:30.052Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":105},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.239Z","log.logger":"composable.providers.docker","log.origin":{"file.name":"docker/docker.go","file.line":43},"message":"Docker provider skipped, unable to connect: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.241Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":62},"message":"Starting stats endpoint","ecs.version":"1.6.0"}
debug2: channel 0: window 997259 sent adjust 51317
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.241Z","log.origin":{"file.name":"application/managed_mode.go","file.line":290},"message":"Agent is starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.241Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":64},"message":"Metrics endpoint listening on: /usr/share/elastic-agent/state/data/tmp/elastic-agent.sock (configured: unix:///usr/share/elastic-agent/state/data/tmp/elastic-agent.sock)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.600Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is t50PPu_U","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.600Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 2 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.633Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for fleet-server.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:30.788Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:30Z - message: Application: fleet-server--8.1.0-SNAPSHOT[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:31.813Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:31Z - message: Application: fleet-server--8.1.0-SNAPSHOT[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to RUNNING: Running on policy with Fleet Server integration: 499b5aa7-d214-5b5d-838b-3cd76469844e - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:37.911Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:37Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:42.006Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:42Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:44.523Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:44Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:44.524Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.044Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":48},"message":"New State ID is WWGRtB2L","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.044Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":49},"message":"Converging state requires execution of 2 step(s)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.077Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for fleet-server.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.077Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for fleet-server.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.208Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for filebeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.208Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for filebeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.209Z","log.origin":{"file.name":"process/configure.go","file.line":50},"message":"initiating restart of 'filebeat_monitoring' due to config change","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.334Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:48Z - message: Application: fleet-server--8.1.0-SNAPSHOT[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to CONFIG: Re-configuring - type: 'STATE' - sub_type: 'CONFIG'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.665Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:48Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.715Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:48Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.817Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:48Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.978Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-install' skipped for metricbeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.978Z","log.origin":{"file.name":"operation/operator.go","file.line":284},"message":"operation 'operation-start' skipped for metricbeat.8.1.0-SNAPSHOT","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:48.980Z","log.origin":{"file.name":"process/configure.go","file.line":50},"message":"initiating restart of 'metricbeat_monitoring' due to config change","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:49.486Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:49Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STOPPED: Stopped - type: 'STATE' - sub_type: 'STOPPED'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:49.668Z","log.origin":{"file.name":"stateresolver/stateresolver.go","file.line":66},"message":"Updating internal state","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:49.667Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:49Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to STARTING: Starting - type: 'STATE' - sub_type: 'STARTING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:52.907Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:52Z - message: Application: filebeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-02-04T13:28:53.803Z","log.origin":{"file.name":"log/reporter.go","file.line":40},"message":"2022-02-04T13:28:53Z - message: Application: metricbeat--8.1.0-SNAPSHOT--36643631373035623733363936343635[a7462504-a9e7-4c02-b720-bfd0b736f2fe]: State changed to RUNNING: Running - type: 'STATE' - sub_type: 'RUNNING'","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T13:52:39.030Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-02-04T13:54:05.445Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}

@mdelapenya
Copy link
Contributor

@jlind23 I'm concerned that the checking API is not responsive after a while:

{"log.level":"error","@timestamp":"2022-02-04T13:52:39.030Z","log.origin":{"file.name":"fleet/fleet_gateway.go","file.line":205},"message":"Could not communicate with fleet-server Checking API will retry, error: status code: 400, fleet-server returned an error: BadRequest","ecs.version":"1.6.0"}

Can anybody from the team help us here?

@jlind23
Copy link
Contributor

jlind23 commented Feb 4, 2022

@michel-laterman would you be able to chime in?

@mdelapenya
Copy link
Contributor

mdelapenya commented Feb 4, 2022
edited
Loading

I'd say that the all or almost all of the current errors in #2064 are caused by this 400 error:

[2022-02-04T13:49:28.738Z] �[31mERRO�[0m[2022-02-04T13:49:27Z] Error executing command �[31margs�[0m="[install --e --force --insecure --enrollment-token=ZTc3OXhINEIxNmt6Y2FrR2xyclo6U2RXV3Z1NWJTYjZUYUFCVl9PNEJVQQ== --url http://3.141.165.7:8220]" �[31mbaseDir�[0m=. �[31mcommand�[0m=./elastic-agent/elastic-agent �[31menv�[0m="map[]" �[31merror�[0m="exit status 1" �[31mstderr�[0m="{"log.level":"warn","@timestamp":"2022-02-04T13:49:24.417Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":105},"message":"SSL/TLS verifications disabled.","ecs.version":"1.6.0"}\n{"log.level":"info","@timestamp":"2022-02-04T13:49:25.078Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":455},"message":"Starting enrollment to URL: http://3.141.165.7:8220/","ecs.version":"1.6.0"}\nError: fail to enroll: fail to execute request to fleet-server: status code: 400, fleet-server returned an error: BadRequest\nFor help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.1/fleet-troubleshooting.html\nError: enroll command failed with exit code: 1\nFor help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.1/fleet-troubleshooting.html\n"

In which scenarios could fleet-server get to the offline status?

@michel-laterman
Copy link

michel-laterman commented Feb 4, 2022
edited
Loading

can we see the fleet.yml config from the host? Also do we have access to the fleet-server logs?

@mdelapenya
Copy link
Contributor

mdelapenya commented Feb 7, 2022
edited
Loading

I've just added your public SSH key from Github to the VMs, so you are able now to SSH into the machines. I'll paste here the info:

[Stack]
3.15.172.147

[CentOS]
18.191.145.1
52.15.36.241

[Debian]
18.221.171.220
18.220.150.73
18.117.216.66
3.22.234.200
13.58.91.182
18.220.222.118
18.117.228.61
18.118.36.32
3.143.208.118
3.17.139.185
18.219.13.4

[SLES]
3.134.99.253
3.141.100.130
3.19.141.249
18.118.133.136
18.217.225.146

The build URL for this set of machines is https://beats-ci.elastic.co/blue/organizations/jenkins/e2e-tests%2Fe2e-testing-mbp/detail/PR-2064/43/pipeline/563/

Accessing the stack VM

This VM contains a docker compose starting elasticsearch, kibana and fleet-server.

# ssh into the stack machine
ssh -i ~/.ssh/YOUR_SSH_PRIVATE_KEY -vvvv [email protected]

# change to use root user
sudo su -

# check running containers
root@ip-172-31-38-15:~# docker ps -a
CONTAINER ID   IMAGE                                                                   COMMAND                  CREATED          STATUS                    PORTS                                                 NAMES
46fd81d5f9c5   docker.elastic.co/beats/elastic-agent:8.1.0-aa69d697-SNAPSHOT           "/usr/bin/tini -- /u…"   35 minutes ago   Up 35 minutes             0.0.0.0:8220->8220/tcp, :::8220->8220/tcp             fleet_fleet-server_1
ea95dba0d881   docker.elastic.co/kibana/kibana:8.1.0-aa69d697-SNAPSHOT                 "/bin/tini -- /usr/l…"   36 minutes ago   Up 36 minutes (healthy)   0.0.0.0:5601->5601/tcp, :::5601->5601/tcp             fleet_kibana_1
6f105bf7a08e   docker.elastic.co/elasticsearch/elasticsearch:8.1.0-aa69d697-SNAPSHOT   "/bin/tini -- /usr/l…"   37 minutes ago   Up 36 minutes (healthy)   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9300/tcp   fleet_elasticsearch_1

Accessing any of the nodes

  1. Check above list of IPs
  2. Choose an OS and an IP
  3. As an example, the "Debian + Amd64 + Backend Processes" test stage in Jenkins related to:
    • Public IP: 18.220.150.73
  4. SSH into the machine with the right user (Debian uses admin, CentO uses centos, SLES uses ec2-user)
# ssh into the Debian machine
ssh -i ~/.ssh/YOUR_SSH_PRIVATE_KEY -vvvv [email protected]

# change to use root user
sudo su -

Fleet Server logs

http://3.15.172.147:5601/app/fleet/agents/f75095a8-11ff-4e58-a06a-2e2527b8f005/logs

fleet.yml for Fleet Server

SSH into the stack machine, as described above.

ssh -i ~/.ssh/YOUR_SSH_PRIVATE_KEY -vvvv [email protected]

Enter the fleet-server container:

docker exec -ti fleet_fleet-server_1 bash

See fleet.yml contents:

cat /usr/share/elastic-agent/state/fleet.yml
agent:
  id: f75095a8-11ff-4e58-a06a-2e2527b8f005
  monitoring.http:
    enabled: false
    host: ""
    port: 6791
fleet:
  enabled: true
  access_api_key: LVV4NjAzNEJSSTdIc0RZaEtzaEo6NEs3WXdhSWFUUi1Zc2FKdnRGd05Jdw==
  protocol: http
  host: 0.0.0.0:8220
  ssl:
    verification_mode: none
    renegotiation: never
  timeout: 10m0s
  proxy_disable: true
  reporting:
    threshold: 10000
    check_frequency_sec: 30
  agent:
    id: ""
  server:
    policy:
      id: 499b5aa7-d214-5b5d-838b-3cd76469844e
    output:
      elasticsearch:
        protocol: http
        hosts:
        - elasticsearch:9200
        service_token: 8/LoAxYzOEJQcTJYZFJWLW5TWHRoVG1WWUJBAAAAAAAAAAAA
        proxy_disable: false
        proxy_headers: {}
    host: 0.0.0.0
    port: 8220
    internal_port: 8221

@mdelapenya mdelapenya mentioned this issue Feb 7, 2022
Merged
8 tasks
@michel-laterman
Copy link

I've looked in the fleet-server logs for the instance and I can immediatly see that the service_token is being rejected (as expired):

{"log.level":"error","ecs.version":"1.6.0","service.name":"fleet-server","index":".fleet-policies","ctx":"index monitor","error.message":"elastic fail 401:security_exception:token expired","@timestamp":"2022-02-07T17:00:00.458Z","message":"failed checking new documents"}
{"log.level":"error","ecs.version":"1.6.0","service.name":"fleet-server","index":".fleet-actions","ctx":"index monitor","error.message":"elastic fail 401:security_exception:token expired","@timestamp":"2022-02-07T17:00:00.458Z","message":"failed checking new documents"}

@michel-laterman
Copy link

Through the dev console

GET /_security/service/elastic/fleet-server/credential

{
  "service_account" : "elastic/fleet-server",
  "count" : 0,
  "tokens" : { },
  "nodes_credentials" : {
    "_nodes" : {
      "total" : 1,
      "successful" : 1,
      "failed" : 0
    },
    "file_tokens" : { }
  }
}

For some reason the service_token that fleet-server uses expired (or was marked as expired)

@mdelapenya
Copy link
Contributor

That makes sense, Michel. As the scenarios are slow (simulating software flows usually is) it could be the case that the default 1200 expire timeout is reached.

Is there a way to create the tokens with longer expire time?

@michel-laterman
Copy link

@adam-stokes found: https://www.elastic.co/guide/en/elasticsearch/reference/current/service-accounts.html which states:

Service tokens never expire. You must actively delete them if they are no longer needed.

And so far my searching of the fleet-server repo does not show any way it can delete a token.

@mdelapenya
Copy link
Contributor

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html

image

And it's possible to set the max timeout up to 60 mins: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#token-service-settings

We have pushed a commit to #2064 (fc29242)

I've looked in the fleet-server logs for the instance and I can immediatly see that the service_token is being rejected (as expired):

{"log.level":"error","ecs.version":"1.6.0","service.name":"fleet-server","index":".fleet-policies","ctx":"index monitor","error.message":"elastic fail 401:security_exception:token expired","@timestamp":"2022-02-07T17:00:00.458Z","message":"failed checking new documents"}
{"log.level":"error","ecs.version":"1.6.0","service.name":"fleet-server","index":".fleet-actions","ctx":"index monitor","error.message":"elastic fail 401:security_exception:token expired","@timestamp":"2022-02-07T17:00:00.458Z","message":"failed checking new documents"}

On the other hand, where did you find these logs? I was not able to get any occurrence in the Logs UI or in the container log.

@mdelapenya
Copy link
Contributor

@michel-laterman thanks for your super powers for finding the expiration issue, we were able to move forward and we merged #2064: it fixed the 400 errors, and fixed almost all the tests. There are only 1-2 failures that need our investigation.

Will close this issue as solved. Thanks again!

@ph
Copy link
Contributor

ph commented Feb 7, 2022

Thanks @michel-laterman and @mdelapenya

I've seen issues on master but I think they should be resolved with a new 8.2.0 snapshot build.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@adam-stokes adam-stokes

Labels
impact:critical Immediate priority; high value or cost to the product. priority:blocker Work is on-hold for a product team, business is at risk until resolution of issue size:S less than 1 day Team:Automation Label for the Observability productivity team triaged Triaged issues will end up in Backlog column in Robots GH Project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ph @adam-stokes @mdelapenya @jlind23 @michel-laterman