Where to find the Custom Logs (Filestream) integration?

Elastic Stack Elastic Agent
1

We’re trying to run an Air Gapped EPR registry v.1.37.0 with a minimal set of selected integration packages, but kibana v.8.19.9 first of all shows a larger(e) set of integrations (wondering why?) to select among in the UI Kibana→Fleet→Policy-Add integration and even with below listed EPR packages, we don’t seem to be able to find ‘Custom Logs (Filestream)’ which we’ll like to be able to migrate from current local filebeat filestream inputs to Agent Policies.

Hints are much appreciated, TIA.

Our Air gapped EPR holds these:

$ curl -s http://localhost/search | jq .[].name
"log"
"filestream"
"elastic_agent"
"endpoint"
"synthetics"
"synthetics_dashboards"
"elasticsearch"
"fleet_server"
"kibana"
"osquery"
"osquery_manager"
"system"

Offical EPR registry seems to have these matching ‘file|cust’:

$ curl -s -X GET https://epr.elastic.co/search | jq .[].name | egrep -i 'file|cust'
"filestream"
"ti_custom"
"filelog_otel"
"profiler_agent"
"profiler_collector"
"profiler_symbolizer"
2

I'm not sure how Air Gapped EPR works, but the Custom Logs (Filestream) is the filestream package.

From the manifest in github.

format_version: 3.1.5
name: filestream
title: Custom Logs (Filestream)
description: Collect log data using filestream with Elastic Agent.
type: input
1 Like
3

Thanks, but we got filestream in our EPR, only it does show up in our v.8.19 kibana fleet integrations UI to able selection for adding into an Agent Policy. ChatGPT says it’s maybe because:

  • The filestream package you see is just the low-level input type provider, not a Kibana-visible integration

Wondering why ‘Custom Logs (Filestream)’ does show up?

Also any clues on how to have Kibana only show packages in our air gapped EPR registry rather than what seems a random default selection?

4

:confused: seems filestream v.2.3.0 isn’t compatible with v.8 but requires +v.9.2:

$ curl -s http://localhost/search?package=filestream | jq .
[
  {
    "name": "filestream",
    "title": "Custom Logs (Filestream)",
    "version": "2.3.0",
    "release": "ga",
    "description": "Collect log data using filestream with Elastic Agent.",
    "type": "input",
    "download": "/epr/filestream/filestream-2.3.0.zip",
    "path": "/package/filestream/2.3.0",
    "icons": [
      {
        "src": "/img/icon.svg",
        "path": "/package/filestream/2.3.0/img/icon.svg",
        "type": "image/svg+xml"
      }
    ],
    "policy_templates": [
      {
        "name": "filestream",
        "title": "Custom Filestream Logs",
        "description": "Collect log data from filestream with Elastic Agent."
      }
    ],
    "conditions": {
      "kibana": {
        "version": "^9.2.0"
      }
    },
    "owner": {
      "type": "elastic",
      "github": "elastic/elastic-agent-data-plane"
    },
    "categories": [
      "custom",
      "custom_logs"
    ],
    "signature_path": "/epr/filestream/filestream-2.3.0.zip.sig"
  }
]

is there a version of filestream package that is compatible with v.8.19?

5

Yeap way back :slight_smile:

$ curl -s 'https://epr.elastic.co/search?package=filestream&all=true' | jq -r '.[] | " \(.version) \(.conditions)"'
 0.0.1 {"kibana":{"version":"^8.15.0"}}
 0.1.0 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.0.1 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.1.0 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.1.1 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.1.2 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.1.3 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.1.4 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.1.5 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.2.0 {"kibana":{"version":"^8.15.0 || ^9.0.0"}}
 1.3.0 {"kibana":{"version":"^9.2.0"}}
 2.0.1 {"kibana":{"version":"^9.2.0"}}
 2.1.0 {"kibana":{"version":"^9.2.0"}}
 2.1.1 {"kibana":{"version":"^9.2.0"}}
 2.1.2 {"kibana":{"version":"^9.2.0"}}
 2.2.0 {"kibana":{"version":"^9.2.0"}}
 2.3.0 {"kibana":{"version":"^9.2.0"}}
 2.3.1 {"kibana":{"version":"^9.2.0"}}
 2.3.2 {"kibana":{"version":"^9.2.0"}}
 2.3.3 {"kibana":{"version":"^9.2.0"}}

Installing v.1.2.0 now shows up in our v.8.19 Kibana UI :eyes:

6

Yeah, some integration versions will have a Kibana minimum requirement, if you keep only the last version on EPR, not sure how it works, they may not show up.