This is pretty straightforward as you can see :
I get this after trying to configure a logstash output on Fleet and going through all the steps.
I dont know what to do with this error message as it does not make sense to me honestly. WHy Logstash output cannot be used with Fleet Server integration if there's an option to add it and configure it there. Doesn't make sense.
As a side note, I saw this setup working properly in a video call I had recently, so I am sure it can work.
Any Ideas ?
Hello,
Which steps did you follow? Please share the link of the documentation you followed.
Also, in Which version are you?
If I'm not wrong there was a recent change to block setting Logstash as an output for a Fleet Server policy as it can only output to Elasticsearch.
A policy for a fleet server can not have Logstash as an output, but a policy for Elastic Agents can.
using current to date version (8.7)
I do not find documentation for using the UI to do this,
however this blog post covers the steps i've been through.
I tried to delete the fleet server integration that is added to Fleet Server policy and it worked
(the one marked below)
After that I was able to create the logstash output.
(Fun fact, I was able to recreate the deleted fleet server integration on the fleet server policy after that. Was expecting some kind of error, for consistency)
HOWEVER having to delete the fleet server integration in the fleet server policy violates the setup that is needed for Fleet in my understanding. SO this workaround still makes no sense to me.
Yeah, this is not official and it is based on an older version.
As mentioned, you cannot have a Logstash output on a Fleet Server Policy anymore.
It was a bit confusing but now I get it.
Logstash output needs to be created first on the general fleet settings, and only later on attributed to a policy (an agent policy)
Thanks for your insight
This is came up first for me when googling the error so just adding details.
I was trying to create a logstash output to assign to agents and got this error about a Fleet policy (which would not have used the output).
Hopefully fixed in 8.7.1. https://github.com/elastic/kibana/pull/153226
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
