Unable to Save Fleet Settings - Logstash Output

I am experiencing issues with saving my Fleet settings Logstash Output. Despite multiple attempts, the configuration just won't save. Could this be related to using the free version? Has anyone else encountered this problem or have any insights on what might be causing this issue?

Any help or suggestions would be greatly appreciated!

Thanks

What will not save? Your screenshot is in Japanese; can you provide more context or share it in English?

The basic license has a limitation that does not allow you to have a different output per policy, but you can use the logstash or kafka output if you want.

To do that you need to add a logstash output and set it as the default output for Logs and Monitoring. You need to have an elasticsearch output as well, because the Fleet Server can only output to Elasticsearch, never to Logstash or Kafka.

After that you will see that your fleet policy will still be configured to send logs to Elasticsearch, but your other policies will only use the default output, which will be logstash now.

You need to have something like this in your Fleet output settings.

Then, your fleet server policy will have a configuration like this:

And any other policy will have an output like this:

After I input the Fleet Logstash Output configurations, including certificates, etc., and I want to Save and apply settings, the Save and apply settings button is currently grayed out and cannot be saved.

Normally, the Save and apply settings button should be blue, indicating that it can be saved.

I’m not quite sure why it cannot be saved.

There is a warning saying that Additional setup is required, your Kibana configuration is incomplete.

It mentions that you need to configure an encryption key before configuring the output; you won't be able to save it until you fix this.

Did you click on the Learn more link?

It is probably related to the saved object encryption key. Did you add one to your kibana.yml?

You need to add it or some things will not work. For more context, check the documentation.

1 Like

Looking at the part of the Kibana code that generates this message, it is indeed related to the encryption key for saved objects in Kibana.

This is the part of the code:

      <FormattedMessage
        id="xpack.fleet.encryptionKeyRequired.calloutDescription"
        defaultMessage="You must configure an encryption key before configuring this output. {link}"
        values={{
          link: (
            <EuiLink href={docLinks.links.kibana.secureSavedObject} target="_blank" external>
              <FormattedMessage
                id="xpack.fleet.encryptionKeyRequired.link"
                defaultMessage="Learn more"
              />
            </EuiLink>
          ),
        }}
      />

The link mentions the saved objects:

kibana.secureSavedObject

So, you need to follow this doc and add an encryption key in your kibana.yml.

1 Like
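
The fix discussed in this thread, as an added example that is not part of any post above and is not Elastic's own tooling: a shell check that reports whether a kibana.yml already carries a saved objects encryption key and appends a random one if it does not. It assumes the setting name `xpack.encryptedSavedObjects.encryptionKey` and its 32-character minimum (from the Kibana documentation, not from this thread), the flat dotted-key form in the file, and a config path passed as an argument; keys held in the Kibana keystore or written as nested YAML are not inspected.

```shell
#!/bin/sh
# Added example: verify or create the saved objects encryption key in kibana.yml.
# Assumption: the key is written in flat form, one "name: value" pair per line.
KEY_NAME='xpack.encryptedSavedObjects.encryptionKey'
KEY_RE='^xpack\.encryptedSavedObjects\.encryptionKey:[[:space:]]*'

# Print the configured value with quotes stripped; prints nothing if the
# setting is absent or commented out (the pattern is anchored at line start).
get_key() {
  sed -n "s/${KEY_RE}//p" "$1" \
    | sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//" | head -n 1
}

# Print one of: missing, too_short, ok.
check_key() {
  key=$(get_key "$1")
  if [ -z "$key" ]; then echo missing
  elif [ "${#key}" -lt 32 ]; then echo too_short
  else echo ok
  fi
}

# 32 random bytes rendered as 64 hex characters.
gen_key() {
  dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Append a key only when none is set. An existing short key is reported, not
# replaced: objects encrypted under the old key cannot be read with a new one.
ensure_key() {
  case $(check_key "$1") in
    ok) return 0 ;;
    too_short) echo "key in $1 is shorter than 32 characters" >&2; return 1 ;;
    missing) printf '\n%s: "%s"\n' "$KEY_NAME" "$(gen_key)" >> "$1" ;;
  esac
}

# Constructed sample kibana.yml (not from the thread): key present only as a comment.
demo=$(mktemp)
printf 'server.host: "0.0.0.0"\n#xpack.encryptedSavedObjects.encryptionKey: "x"\n' > "$demo"
echo "before: $(check_key "$demo")"
ensure_key "$demo"
echo "after:  $(check_key "$demo")"
rm -f "$demo"
```

Kibana reads kibana.yml at startup, so restart it after the key is added. When several Kibana instances share one Elasticsearch cluster, each needs the same key value.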