Using Fleet to manage an agent with the AWS integration. Ingest and indexing is OK, getting tens of millions of logs from Transit Gateway via Cloudwatch, but they are not being processed through the ingest pipeline created during setup of assets for the AWS integration in Fleet. In the agent log, I see this error:
"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning"
but nothing else looks wrong. No sign of the pipeline failing or being processed at all. I've enabled retaining the original log, it stays as the "message" field. I've tried reinstalling the assets, tried different versions 8.14 and 8.16, tried a local PC and a VM in Azure, tried full agent uninstall/reinstall, created new policy from scratch with only AWS integration, then uninstalled/reinstalled AWS after deleting the policy and recreated policy. Nothing changes the outcome. Tried leaving the output blank, typing "default" and copying the default output to a new one. Same outcome. Any thoughts on what to try next? Anyone got a simple AWS log integration working with a Fleet managed agent? Using Elastic Cloud, so we have no access to the machines other than through the cloud management tools. Documentation has no examples of course. We've raised tickets, but not getting anywhere.
