Not able to send add logstash output in Elastic Agent setup

I have created Fleet output as Logstash but while assigning the output to the agent, I'm getting only Elasticsearch output (default). But I want to send the data from Elastic Agent to Logstash.
I have followed this link.

Please suggest.

Hi @sanju1323,

You may be running into elastic/kibana issue #152234 on GitHub, "[Fleet] Prevent output changing types from Elasticsearch -> Logstash if a Fleet Server policy uses it".
fleet-server must output to an Elasticsearch output, not a Logstash output.

Hi @MichelLaterman,

Thanks for your response.

From the link that you have shared, I understand there is no option to send the data to Logstash as of now.

But in my architecture, we have some mutations to be applied using Logstash before the data is sent to Elasticsearch. So, can you please suggest some workaround to achieve this?
Or, if we have a license, is it possible to send the data to Logstash?

Can you please suggest the way forward?

What are you collecting with the Elastic Agent?

Maybe you can switch to use Filebeat/Winlogbeat instead of the Agent.

We are actually planning to migrate from Beats to Elastic Agents. And in our architecture, we are sending data to Logstash, adding a few things and modifying a few fields, and then sending it to Elastic.

What are you adding? Depending on what transformations you are doing in Logstash, you could migrate them to an ingest pipeline in Elasticsearch.

I had the same plan of moving from Beats/Logstash to Elastic Agent, but after we started looking at and using Elastic Agent we decided to use it only for simple things, mostly integrations from SaaS data. It is too limited in terms of inputs and outputs, and any custom change you need to make in templates or ingest pipelines is a lot of work.

The Agent helps you add data to Elasticsearch pretty fast, but everything else is a nightmare.

I'm also not sure the integration between the Agent and Logstash will improve, since the goal for Elastic seems to be to have the Agent closely tied to Elasticsearch, and Logstash has not gotten much love from Elastic in the last couple of years.

Hi,

It looks like there is a little confusion.
The things that gather data can use Logstash as an output (you can set this per integration).
However, the fleet-server itself cannot.

If I'm correct, you can set it per policy and not per integration.
But policies can contain multiple integrations, and they will all output to the same one.
It would be nice, though, to be able to do that per integration, but that would mean that the agent has multiple outputs.

Kind regards,
Peter
