Troubleshoot logs

edit

This section provides possible solutions for errors you might encounter while onboarding your logs.

User does not have permissions to create API key

edit

If you don’t have the required privileges to create an API key, you’ll see the following error message:

User does not have permissions to create API key.

Required cluster privileges are [`monitor`, `manage_own_api_key`] and
required index privileges are [`auto_configure`, `create_doc`] for
indices [`logs-*-*`, `metrics-*-*`], please add all required privileges
to the role of the authenticated user.
Solution
edit

You need to either:

  • Have an administrator give you the monitor and manage_own_api_key cluster privileges and the auto_configure and create_doc indices privileges. Once you have these privileges, restart the onboarding flow.
  • Get an API key from an administrator and manually add the API to the Elastic Agent configuration. See Configure the Elastic Agent for more on manually updating the configuration and adding the API key.

Failed to create API key

edit

If you don’t have the privileges to create savedObjects in Kibana, you’ll see the following error message:

Failed to create API key

Something went wrong: Unable to create observability-onboarding-state
Solution
edit

You need an administrator to give you the Saved Objects Management Kibana privilege to generate the required observability-onboarding-state flow state. Once you have the necessary privileges, restart the onboarding flow.

Kibana not accessible from host

edit

If Kibana is not accessible from the host, you’ll see the following error message after pasting the Install the Elastic Agent instructions into the host:

Failed to connect to {host} port {port} after 0 ms: Connection refused
Solution
edit

The host needs access to Kibana. Port 443 must be open and the deployment’s Elasticsearch endpoint must be reachable. Locate your project’s endpoint from Help menu (help icon) → Connection details.

Run the following command, replacing the URL with your endpoint, and you should get an authentication error with more details on resolving your issue:

curl https://your-endpoint.elastic.cloud

Download Elastic Agent failed

edit

If the host was able to download the installation script but cannot connect to the public artifact repository, you’ll see the following error message:

Download Elastic Agent

Failed to download Elastic Agent, see script for error.
Solutions
edit
  • If the combination of the Elastic Agent version and operating system architecture is not available, you’ll see the following error message:

    The requested URL returned error: 404

    To fix this, update the Elastic Agent version in the installation instructions to a known version of the Elastic Agent.

  • If the Elastic Agent was fully downloaded previously, you’ll see the following error message:

    Error: cannot perform installation as Elastic Agent is already running from this directory

    To fix this, delete previous downloads and restart the onboarding.

  • You’re an Elastic Cloud Enterprise user without access to the Elastic downloads page.

Install Elastic Agent failed

edit

If an Elastic Agent already exists on your host, you’ll see the following error message:

Install Elastic Agent

Failed to install Elastic Agent, see script for error.
Solution
edit

You can uninstall the current Elastic Agent using the elastic-agent uninstall command, and run the script again.

Uninstalling the current Elastic Agent removes the entire current setup, including the existing configuration.

Waiting for Logs to be shipped…​ step never completes

edit

If the Waiting for Logs to be shipped…​ step never completes, logs are not being shipped to Elasticsearch, and there is most likely an issue with your Elastic Agent configuration.

Solution
edit

Inspect the Elastic Agent logs for errors. See the Debug standalone Elastic Agents documentation for more on finding errors in Elastic Agent logs.