Hey there!
Here's my scenario:
- Elasticsearch, Kibana, and Fleet server deployed in Docker.
- A Windows host in VMware (bridge).
- All systems sharing the same physical host.
I'm trying to send the Windows logs to ES. The agent is enrolled with success but no logs are seen in Kibana. Analyzing the Elastic Agent logs in Windows, I noticed it's trying to send logs to the ES internal address (in Docker). It seems I must change the output to the [physical] host's IP address and let the port mapping forward the data to ES via port `9200`.
The problem is that using Kibana's UI I'm not able to change the default output because (sic.) it's defined in `kibana.yml`. I've found this thread indicating that removing some `xpack.fleet` parameters (`xpack.fleet.outputs` and `xpack.fleet.agents.elasticsearch.hosts`) would allow me to make that change.
But it's not clear to me how to do that. I'm also wondering if there's any means of running Kibana in Docker without these parameters, like using any environment variable (`--env`). I run Kibana with the following command:
```
docker run \
  --detach \
  --name kib01 \
  --net elastic \
  --publish 5601:5601 \
  --env XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=adec696239a6319964a3509cb5a5f042 \
  --env XPACK_SECURITY_ENCRYPTIONKEY=e3e221fe32f1d58565b954ef09eef1d1 \
  --env XPACK_REPORTING_ENCRYPTIONKEY=b398c35a6bcbc44b39b41150817452b2 \
  docker.elastic.co/kibana/kibana:8.15.0
```
Can anyone help me here?
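
The post names two settings, `xpack.fleet.outputs` and `xpack.fleet.agents.elasticsearch.hosts`, as the ones to remove from `kibana.yml`. As an added example (not part of the original post), this shell function filters both out of a config file read on stdin; it assumes they are written as dotted top-level keys rather than nested under `xpack:`, and the sample file and its `172.18.0.2` address are constructed.

```shell
#!/bin/sh
# Added example: drop the two Fleet output settings named in the post from a
# kibana.yml stream. Assumption: dotted top-level keys, not nested YAML.
strip_fleet_output_settings() {
  awk '
    # A top-level line naming one of the two keys starts a block to drop.
    /^xpack\.fleet\.outputs[ \t]*:/ ||
    /^xpack\.fleet\.agents\.elasticsearch\.hosts[ \t]*:/ {
      skipping = 1
      next
    }
    # Indented lines, blank lines and column-0 list items that follow a
    # dropped key are part of its value, so they are dropped as well.
    skipping && (/^[ \t]/ || /^$/ || /^-[ \t]/) { next }
    # Any other line is an unrelated setting or comment: keep it.
    { skipping = 0; print }
  '
}

# Constructed sample config (not taken from the post): one setting in flow
# style on a single line, the other as an indented block list.
sample_kibana_yml() {
  cat <<'EOF'
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://172.18.0.2:9200"]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, type: elasticsearch, hosts: ["https://172.18.0.2:9200"]}]
xpack.fleet.agents.elasticsearch.hosts:
  - "https://172.18.0.2:9200"
monitoring.ui.container.elasticsearch.enabled: true
EOF
}

# Show what survives the filter; elasticsearch.hosts (Kibana's own
# connection to Elasticsearch) is left untouched.
sample_kibana_yml | strip_fleet_output_settings
```

Kibana's Docker documentation describes bind-mounting a configuration file at `/usr/share/kibana/config/kibana.yml`, which is where a filtered copy would go.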