I have successfully configured Fleet and have deployed a few elastic-agents in my infrastructure. When I go to Management - Fleet - Agents, select an agent, and then select logs, nothing shows.
However, if I go to Kibana - Discover and look at one of the indexes that the elastic-agent is sending data to (like logs-*), I can see data streaming in from the agent.
Am I missing something? We are running 7.13.2
I have discovered today that I can view the logs for my fleet agents in every configured "space" except the main (default reserved) one.
I cannot find any reason for this.
Could you please share which policies have you configured?
Are you wanting the JSON?
Or for me to just say that I've configured a policy that has like the IIS, Windows, System, and Microsoft integrations, as well as a separate policy that has the System, Auditd, iptables and squid integrations, etc...
I have multiple policies and they all have different integrations added to them to cover different situations and they all have the same log display issue.
I am facing the same problem. Installation has been done successfully with security. After adding I can see both fleet server and an elastic-agent server Healthy but no data in datastream. I have created a new policy with new names space. Assigned my fleet server and elastic-agent server to this newly created policy. This change was smooth and successful. Still no improvement in datastream. No error or problem has been shown in both the /var/log/elastic-log/* files.
Is it important to say that all of the policies integrations are configured to use the default namespace?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.