Unable to Save Fleet Settings - Logstash Output

Elastic Stack Elastic Agent
1

I am experiencing issues with saving my Fleet settings Logstash Output . Despite multiple attempts, the configuration just won't save. Could this be related to using the free version? Has anyone else encountered this problem or have any insights on what might be causing this issue?

Any help or suggestions would be greatly appreciated!

image
image1910×918 92 KB

Thanks

2

What will not save? Your screenshot is in Japanese, can you provide more context or share it in English?

The basic license has a limitation that does not allow you to have a different output per policy, but you can use the logstash or kafka output if you want.

To do that you need to add an logstash output and set it as the default output for Logs and Monitoring, you need to have an elasticsearch output as well because the Fleet Server can only output to Elasticsearch, never to Logstash or Kafka.

After that you will see that your fleet policy will still be configured to send logs to Elasticsearch, but your other policies will only use the default output, which will be logstash now.

You need to have something like this in your Fleet output settings.

Screenshot from 2024-07-18 00-39-07
Screenshot from 2024-07-18 00-39-071822×334 40.2 KB

Then, your fleet server policy will have a configuration like this:

Screenshot from 2024-07-18 00-39-43
Screenshot from 2024-07-18 00-39-431239×594 113 KB

And any other policy will have an output like this:

Screenshot from 2024-07-18 00-40-06
Screenshot from 2024-07-18 00-40-061239×594 99 KB

3

After I input the Fleet Logstash Output configurations, including certificates, etc., and I want to Save and apply settings, the Save and apply settings button is currently grayed out and cannot be saved.

2024-07-18_13-11-41
2024-07-18_13-11-411751×919 171 KB

2024-07-18_13-08-03
2024-07-18_13-08-031920×919 170 KB

Normally, the Save and apply settings button should be blue, indicating that it can be saved.

2024-07-18_11-46-42
2024-07-18_11-46-42676×817 60.4 KB

I’m not quite sure why it cannot be saved.

4

There is a warning saying that Additional setup is required, your Kibana configuration is incomplete.

It mentions that you need to configure an encryption key before configuring the output, you won't be able to save it until you fix this.

Did you click in the learn more link?

It is probably related to the saved object encryption key, did you add one to your kibana.yml?

You need to add it or some things will not work, for more context check the documentation.

1 Like
5

Looking at the part of kibana code that generates this message, it is indeed related to the encryption key for saved objects in Kibana.

This is the part of the code:

      <FormattedMessage
        id="xpack.fleet.encryptionKeyRequired.calloutDescription"
        defaultMessage="You must configure an encryption key before configuring this output. {link}"
        values={{
          link: (
            <EuiLink href={docLinks.links.kibana.secureSavedObject} target="_blank" external>
              <FormattedMessage
                id="xpack.fleet.encryptionKeyRequired.link"
                defaultMessage="Learn more"
              />
            </EuiLink>
          ),
        }}
      />

The link mentions the saved objects:

kibana.secureSavedObject

So, you need to follow this doc and add an encryption key in your kibana.yml.

1 Like
6

The code you've shared is related to a warning in Kibana, specifically within the Fleet plugin, informing users that they must configure an encryption key for saved objects.

The message includes a link to Kibana's documentation, which explains how to configure the encryption key for secured saved objects. Kibana uses saved objects to persist user data, and the encryption key is needed to protect sensitive data.

Explanation of the Code:

  • FormattedMessage: Part of the react-intl library, which is used for internationalization. The id property (e.g., "xpack.fleet.encryptionKeyRequired.calloutDescription") is a unique key for translations, and defaultMessage is the fallback text if no translation is provided.
  • EuiLink: This component from Elastic UI (EUI) renders a clickable link. The href attribute points to the URL of the Kibana documentation (docLinks.links.kibana.secureSavedObject). The target="_blank" opens the link in a new tab, and the external attribute indicates that the link leads to an external website.
  • values: This object allows the FormattedMessage to include dynamic content. In this case, the {link} placeholder in defaultMessage is replaced by an actual link generated by the EuiLink component.

Issues to Look For:

  1. docLinks Undefined: Ensure that docLinks is properly imported and contains the correct path (docLinks.links.kibana.secureSavedObject) pointing to the Kibana documentation. If docLinks is undefined, the link won't work.
  2. Incorrect Translation ID: Ensure that the translation IDs (xpack.fleet.encryptionKeyRequired.calloutDescription and xpack.fleet.encryptionKeyRequired.link) are unique and match the corresponding translation files. If the IDs are incorrect, the message might not be translated or displayed properly.
  3. EUI Version Compatibility: The EuiLink component and the external prop must be supported by your version of Elastic UI. Make sure that your EUI version supports this usage.

Debugging Steps:

  • Check if docLinks is available: Log the value of docLinks.links.kibana.secureSavedObject to see if it’s correctly populated.
  • Verify Translation Files: Ensure that the translation keys (xpack.fleet.encryptionKeyRequired.calloutDescription and xpack.fleet.encryptionKeyRequired.link) are correctly defined in the translation JSON files.
  • Ensure EUI Link Props: Ensure that external and target="_blank" are used properly and supported by your version of EUI. You can check the EUI documentation for the correct prop usage.