fs1159 2024-03-21 18:43 采纳率: 0%
浏览 25

elastic使用fleet管理的agent代理看不到日志

使用8.11.1版本的elastic时,fleet管理的agent代理看不到日志。

img

img

如上图所示,我集成了基础的三个组件:system、fleet-server、apm。我的elastic是在内网环境使用,并配置了TLS安全。在下载了elastic-agent的安装包elastic-agent-8.11.1-linux-x86_64.tar.gz后,我进行解压后并未对解压文件中的elastic-agent.yml、filebeat和metricbeat再进行配置,使用的是默认配置,安装命令为:

sudo ./elastic-agent install --url=https://10.150.3.17:8220 \
  --fleet-server-es=https://10.150.3.17:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE3MTA5MDAxNTM2MzI6RVdFZkU1c2VUNVNDeUdRQnUtaVdZQQ \
  --fleet-server-policy=cb94f700-e5db-11ee-9078-c1a49bee68db \
  --certificate-authorities=/home/elastic/downloads/beats/elastic-agent/fleet-server/ca.crt \
  --fleet-server-es-ca=/home/elastic/downloads/beats/elastic-agent/fleet-server/http.crt \
  --fleet-server-cert=/home/elastic/downloads/beats/elastic-agent/fleet-server/fleet-server.crt \
  --fleet-server-cert-key=/home/elastic/downloads/beats/elastic-agent/fleet-server/fleet-server.key \
  --fleet-server-port=8220 \
  --fleet-server-es-insecure \
  --insecure

查看服务日志错误信息为:

{"log.level":"error","@timestamp":"2024-03-21T09:32:04.443Z","message":"elastic-agent-client error: \
  rpc error: code = Canceled desc = context canceled","component": \
  {"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"filestream-monitoring","type":"filestream"},  \
  "log":{"source":"filestream-monitoring"},"log.logger":"centralmgmt.V2-manager", \
  "log.origin":{"file.line":448,"file.name":"management/managerV2.go"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
  • 写回答

2条回答 默认 最新

  • 码农阿豪@新空间代码工作室 Java领域优质创作者 2024-03-21 18:43
    关注
    让阿豪来帮你解答,本回答参考chatgpt3.5编写提供,如果还有疑问可以评论或留言
    问题分析: 根据错误日志显示,elastic-agent-client出现错误,RPC错误代码为“Canceled desc = context canceled” 。可能是与fleet-server连接时出现问题。 解决方案:
    1. 检查fleet-server是否在线并正常工作。
    2. 检查agent是否有足够的权限访问fleet-server,包括网络、安全策略和证书等方面。
    3. 尝试更新elastic-agent版本,寻找最新可用版本,以确保与fleet-server兼容。
    4. 在agent的配置文件中检查并更正任何问题,并确保所有的配置项与fleet-server保持一致。 参考代码: 示例如下,其中fleet.enrollment_token对应fleet-server中的policy信息:
    fleet:
  ssl:
    certificate_authorities: /etc/elasticsearch/certs/ca.crt
    certificate: /etc/elasticsearch/certs/elastic-agent.crt
    key: /etc/elasticsearch/certs/elastic-agent.key
  kibana:
    protocol: https
    host: kibana.example.com:443
  output:
    elasticsearch:
      hosts:
      - https://es.example.com:9200
      username: elastic
      password: your_password
      ssl:
        verification_mode: none
  inputs:
  - id: system
    name: system
    description: System metrics from Elastic Agent
    type: system
  - id: logs
    name: logs
    description: Logs from Elastic Agent
    type: logs
    use_output: default
    use_template: default
    enabled: true
    streams:
    - id: logs-all
      data_stream:
        dataset: elastic_agent.logs
        type: logs
      input:
        type: logfile
        enabled: true
        paths:
        - /var/log/*.log
        exclude_files:
        - '*.gz'
      template:
        name: logs-datadog
        version: 0
  fleet:
    mode: standalone
    enrollment_token: xxxxxxxxxxxxx
    评论

报告相同问题?

问题事件

  • 创建了问题 3月21日

悬赏问题

  • ¥15 QQ邮箱过期怎么恢复?
  • ¥15 登录他人的vue项目显示服务器错误
  • ¥15 (标签-android|关键词-app)
  • ¥60 如何批量获取json的url
  • ¥15 comsol仿真压阻传感器
  • ¥15 Python线性规划函数optimize.linprog求解为整数
  • ¥15 llama3中文版微调
  • ¥15 pg数据库导入数据序列重复
  • ¥15 三分类机器学习模型可视化分析
  • ¥15 本地测试网站127.0.0.1 已拒绝连接,如何解决?(标签-ubuntu)