Summary
I noticed that when the ES host is updated in the agent yaml output, the change does not appear to be picked up by the agent for where to send its agent logs. Other data streams (like system ones) do appear to pick up the change and sends the data to the new location correctly.
outputs:
default:
type: elasticsearch
hosts:
- 'http://localhost:9201'
Steps
- Start Elasticsearch on non-default port, e.g. 9201
- Start Kibana with
--elasticsearch.hosts=http://localhost:9201 flag to point to ES
- Enroll agent into Fleet with Default policy
- Observe that no data (no agent logs or any other data streams) is ingested because Fleet defaults incorrectly to port 9200 for ES
- Update
Elasticsearch URL in Fleet settings flyout to the correct URL, http://localhost:9201
- Wait a bit for Default policy to update with new ES output and for enrolled agent to pick up the change
- Observe that system data streams start coming in, but Elastic Agent logs do not
If I uninstall that agent and enroll it again, the new agent does send its logs to the right ES, so it seems to only be a problem when the ES host is changed while the agent is already running.
Summary
I noticed that when the ES host is updated in the agent yaml output, the change does not appear to be picked up by the agent for where to send its agent logs. Other data streams (like system ones) do appear to pick up the change and sends the data to the new location correctly.
Steps
--elasticsearch.hosts=http://localhost:9201flag to point to ESElasticsearch URLin Fleet settings flyout to the correct URL,http://localhost:9201If I uninstall that agent and enroll it again, the new agent does send its logs to the right ES, so it seems to only be a problem when the ES host is changed while the agent is already running.