I have successfully configured Fleet and have deployed a few elastic-agents in my infrastructure. When I go to Management - Fleet - Agents, select an agent, and then select logs, nothing shows.
However, if I go to Kibana - Discover and look at one of the indexes that the elastic-agent is sending data to (like logs-*), I can see data streaming in from the agent.
Are you wanting the JSON?
Or for me to just say that I've configured a policy that has like the IIS, Windows, System, and Microsoft integrations, as well as a separate policy that has the System, Auditd, iptables and squid integrations, etc...
I have multiple policies and they all have different integrations added to them to cover different situations and they all have the same log display issue.
I am facing the same problem. Installation has been done successfully with security. After adding, I can see both the Fleet Server and an elastic-agent server as Healthy, but there is no data in the data stream. I have created a new policy with a new namespace and assigned my Fleet Server and elastic-agent server to this newly created policy. This change was smooth and successful. Still no improvement in the data stream. No error or problem has been shown in both the /var/log/elastic-log/* files.