From a21b40e3aa81fd0790214590f153502195454e79 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Sat, 5 Jul 2025 16:54:32 +0300 Subject: [PATCH 1/7] Update the "Remote Elasticsearch output" doc --- .../fleet/remote-elasticsearch-output.md | 284 ++++++++++++------ 1 file changed, 190 insertions(+), 94 deletions(-) diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index 9086c08abf..39e3ae064a 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -1,73 +1,91 @@ --- +navigation_title: Remote Elasticsearch output mapped_pages: - https://www.elastic.co/guide/en/fleet/current/remote-elasticsearch-output.html +description: Remote ES output allows you to send agent data to a remote cluster, keeping data separate and independent from the deployment where you use Fleet. +applies_to: + stack: ga + deployment: + eck: ga + ess: ga + ece: ga + self: ga products: - id: fleet - id: elastic-agent --- -# Remote Elasticsearch output [remote-elasticsearch-output] +# Remote {{es}} output [remote-elasticsearch-output] -Remote {{es}} outputs allow you to send {{agent}} data to a remote {{es}} cluster. This is especially useful for data that you want to keep separate and independent from the deployment where you use {{fleet}} to manage the agents. +Remote {{es}} outputs allow you to send {{agent}} data to a remote {{es}} cluster. This is especially useful for data that you want to keep separate and independent from the deployment where you use {{fleet}} to manage the {{agent}}s. A remote {{es}} cluster supports the same [output settings](/reference/fleet/es-output-settings.md) as your main {{es}} cluster. -::::{note} -This feature is part of the Enterprise subscription offering under the name of **Per Integration output assignment**. Refer to [Subscriptions](https://www.elastic.co/subscriptions) for more information. -:::: - ## Limitations These limitations apply to remote {{es}} output: -* Using a remote {{es}} output with a target cluster that has [traffic filters](/deploy-manage/security/traffic-filtering.md) enabled is not currently supported. -* Using {{elastic-defend}} is currently not supported when a remote {{es}} output is configured for an agent. +* Using the remote {{es}} output with a remote cluster that has [traffic filters](/deploy-manage/security/traffic-filtering.md) enabled is not currently supported. +* Using {{elastic-defend}} when a remote {{es}} output is configured for an {{agent}} is not currently supported. -## Configuration +## Configuration [remote-output-config] To configure a remote {{es}} cluster for your {{agent}} data: -1. In {{fleet}}, open the **Settings** tab. +1. In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. 2. In the **Outputs** section, select **Add output**. -3. In the **Add new output** flyout, provide a name for the output and select **Remote Elasticsearch** as the output type. -4. In the **Hosts** field, add the URL that agents should use to access the remote {{es}} cluster. - - 1. To find the remote host address, in the remote cluster open {{kib}} and go to **Management → {{fleet}} → Settings**. - 2. Copy the **Hosts** value for the default output. - 3. Back in your main cluster, paste the value you copied into the output **Hosts** field. - -5. Create a service token to access the remote cluster. - - 1. Below the **Service Token** field, copy the API request. - 2. In the remote cluster, open the {{kib}} menu and go to **Management > Dev Tools**. - 3. Run the API request. - 4. Copy the value for the generated token. - 5. Back in your main cluster, paste the value you copied into the output **Service Token** field. - - ::::{note} - To prevent unauthorized access the {{es}} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. See [Preconfiguration settings](kibana://reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases) in the {{kib}} Guide to learn more. - :::: - -6. Choose whether integrations should automatically be synchronized on the remote {{es}} cluster. Refer to [Automatic integrations synchronization](#automatic-integrations-synchronization) below to configure this feature. -7. Choose whether or not the remote output should be the default for agent integrations or for agent monitoring data. When set, {{agents}} use this output to send data if no other output is set in the [agent policy](/reference/fleet/agent-policy.md). -8. Select which [performance tuning settings](/reference/fleet/es-output-settings.md#es-output-settings-performance-tuning-settings) you’d prefer in order to optimize {{agent}} for throughput, scale, or latency, or leave the default `balanced` setting. -9. Add any [advanced YAML configuration settings](/reference/fleet/es-output-settings.md#es-output-settings-yaml-config) that you’d like for the output. +3. In the **Add new output** flyout, provide a name for the output, and select **Remote Elasticsearch** as the output type. +4. In the **Hosts** field, add the URL that {{agent}}s should use to access the remote {{es}} cluster (Cluster B). + + ::::{dropdown} Find the remote host address of the remote cluster + :open: + 1. In the remote cluster (Cluster B), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. + 2. In the **Outputs** section, copy the `Hosts` value of the default {{es}} output. If the value is not visible in full, edit the default {{es}} output to display the full value. + 3. In your main cluster (Cluster A), paste the value you copied into the **Hosts** field of the remote output configuration. + :::: + +5. In the **Service Token** field, add a service token to access the remote cluster (Cluster B). + + ::::{dropdown} Create a service token to access the remote cluster + :open: + 1. Copy the API request located below the **Service Token** field. + 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. + 3. Paste the API request in the console, then run it. + 4. Copy the value for the generated service token. + 5. In the main cluster (Cluster A), paste the value you copied into the **Service Token** field of the remote output configuration. + :::: + + ::::{note} + To prevent unauthorized access, the {{es}} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting, and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. To learn more about this option, check [Preconfiguration settings](kibana://reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases). + :::: + +6. Choose whether integrations should be automatically synchronized on the remote {{es}} cluster (Cluster B). To configure this feature, refer to the [Automatic integrations synchronization](#automatic-integrations-synchronization) section. + + ::::{note} + This feature is only available with certain subscriptions. For more information, check [Subscriptions](https://www.elastic.co/subscriptions). + :::: + +7. Choose whether the remote output should be the default for agent integrations or for agent monitoring data. When set as the default, {{agents}} use this output to send data if no other output is set in the [agent policy](/reference/fleet/agent-policy.md). +8. Select the [performance tuning settings](/reference/fleet/es-output-settings.md#es-output-settings-performance-tuning-settings) to optimize {{agent}}s for throughput, scale, or latency, or leave the default `balanced` setting. +9. Add any [advanced YAML configuration settings](/reference/fleet/es-output-settings.md#es-output-settings-yaml-config) that you’d like for the remote output. 10. Click **Save and apply settings**. -After the output is created, you can update an {{agent}} policy to use the new output and send data to the remote {{es}} cluster: +After the output is created, you can update an {{agent}} policy to use the new output, and send data to the remote {{es}} cluster: -1. In {{fleet}}, open the **Agent policies** tab. -2. Click the agent policy to edit it, then click **Settings**. +1. In the main cluster (Cluster A), go to **{{fleet}}**, then open the **Agent policies** tab. +2. Click the agent policy you want to update, then click **Settings**. 3. To send integrations data, set the **Output for integrations** option to use the output that you configured in the previous steps. 4. To send {{agent}} monitoring data, set the **Output for agent monitoring** option to use the output that you configured in the previous steps. 5. Click **Save changes**. -The remote {{es}} cluster is now configured. +The remote {{es}} output is now configured for the remote cluster (Cluster B). -If you have chosen not to automatically synchronize integrations, you need to make sure that for any integrations that have been [added to your {{agent}} policy](/reference/fleet/add-integration-to-policy.md), the integration assets have been installed on the remote {{es}} cluster. Refer to [Install and uninstall {{agent}} integration assets](/reference/fleet/install-uninstall-integration-assets.md) for the steps. +If you choose not to synchronize integrations automatically, you need to make sure that for any integrations that are [added to your {{agent}} policy](/reference/fleet/add-integration-to-policy.md), the integration assets are also installed on the remote {{es}} cluster. For detailed steps on this process, refer to [Install and uninstall {{agent}} integration assets](/reference/fleet/install-uninstall-integration-assets.md). ::::{note} -When you use a remote {{es}} output, {{fleet-server}} performs a test to ensure connectivity to the remote cluster. The result of that connectivity test is used to report the ES Remote output as healthy or unhealthy on the **Fleet** > **Settings** > **Outputs** page, under the **Status** column. In some cases, the remote {{es}} output used for data from {{agent}} may be reachable only by those agents and not by {{fleet-server}}, so the unhealthy state and an associated `Unable to connect` error that appears on the UI can be ignored. +When you use a remote {{es}} output, {{fleet-server}} performs a test to ensure connectivity to the remote cluster. The result of that connectivity test is used to report whether the remote output is healthy or unhealthy, and is displayed on the **{{fleet}}** → **Settings** → **Outputs** page, in the **Status** column. + +In some cases, the remote {{es}} output used for {{agent}} data can be reached by the {{agent}}s but not by {{fleet-server}}. In those cases, you can ignore the resulting unhealthy state of the output and the associated `Unable to connect` error on the UI. :::: ## Automatic integrations synchronization @@ -76,109 +94,187 @@ When you use a remote {{es}} output, {{fleet-server}} performs a test to ensure stack: ga 9.1 ``` -When enabled, this feature keeps integrations synced between your main {{es}} cluster and remote {{es}} clusters. +When enabled, this feature keeps integrations and custom assets synchronized between your main {{es}} cluster and one or more remote {{es}} clusters. + +::::{note} +This feature is only available with certain subscriptions. For more information, check [Subscriptions](https://www.elastic.co/subscriptions). +:::: ### Requirements -This feature requires setting up [{{ccr}}](/deploy-manage/tools/cross-cluster-replication.md), which is available to Platinum and Enterprise [subscriptions](https://www.elastic.co/subscriptions). Remote clusters must be running the same version of {{es}} as the main cluster or a newer version that is compatible with {{ccr}}. +* This feature requires setting up [{{ccr}}](/deploy-manage/tools/cross-cluster-replication.md). +* Remote clusters must be running the same {{es}} version as the main cluster, or a newer version that supports {{ccr}}. +* To install integrations, remote clusters require access to the [{{package-registry}}](/reference/fleet/index.md#package-registry-intro). -Remote clusters require access to the [{{package-registry}}](/reference/fleet/index.md#package-registry-intro) to install integrations. +### Configure {{ccr}} on the remote cluster -### Configuration +In your remote cluster (Cluster B): -1. Configure {{ccr}} on the remote cluster. +1. Open the {{kib}} menu, and go to **Management** → **Stack Management** → **Remote Clusters**. +2. Select **Add a remote cluster**, then follow the steps to add your main cluster (where the remote {{es}} output is configured) as a remote cluster. - 1. In the remote cluster, open the {{kib}} menu and go to **Stack Management > Remote Clusters**. - 2. Refer to [Remote clusters](/deploy-manage/remote-clusters/remote-clusters-self-managed.md) to add your main cluster (where the remote {{es}} output is configured) as a remote cluster. - 3. Go to **Stack Management > Cross-Cluster Replication**. - 4. Create a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. - 5. Resume replication once the follower index is created. + ::::{note} + When prompted to add the remote cluster's _remote address_, enter your main cluster's proxy address: + + 1. In your main cluster (Cluster A), go to **Deployment** → **Manage this deployment** → **Security** (or go to `deployments//security`). + 2. Scroll to the **Remote cluster parameters** section, then copy the **Proxy Address**. + 3. In your remote cluster (Cluster B), enter the copied value in the **Remote address** field of the remote cluster setup. + :::: -2. In the main cluster, in the **Remote Kibana URL** field, add the Kibana URL of the remote cluster. + Refer to [Remote clusters](/deploy-manage/remote-clusters.md) for more details on how to add your main cluster (Cluster A) as a remote cluster. -3. Create an API key to access Kibana on the remote cluster. +3. After the remote cluster is added, go to **Management** → **Stack Management** → **Cross-Cluster Replication**. +4. In the **Follower indices** tab, create a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name you provided in the remote output configuration. +5. Resume replication once the follower index is created. - 1. Below the **Remote Kibana API Key** field, copy the API request. - 2. In the remote cluster, open the {{kib}} menu and go to **Management > Dev Tools**. - 3. Run the API request. - 4. Copy the encoded value of the generated API key. - 5. Back in the main cluster, paste the value you copied into the **Remote Kibana API Key** field. + For more detailed instructions, refer to the [Set up cross-cluster replication](/deploy-manage/tools/cross-cluster-replication/set-up-cross-cluster-replication.md) guide. + +### Configure the integrations synchronization [integrations-sync-config] +1. In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +2. In the **Outputs** section, edit the remote output for which you want to enable the automatic integrations synchronization. +3. Enable **Synchronize integrations**. 4. Choose whether uninstalled integrations should also be uninstalled on the remote cluster. +5. In the remote output configuration on the main cluster (Cluster A), add the {{kib}} URL of the remote cluster (Cluster B) in the **Remote Kibana URL** field. +6. In the **Remote Kibana API Key** field, add an API key to access Kibana on the remote cluster (Cluster B). + + ::::{dropdown} Create an API Key to access Kibana on the remote cluster + :open: + 1. Copy the API request located below the **Remote Kibana API Key** field. + 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. + 3. Paste the API request in the console, then run it. + 4. Copy the encoded value of the generated API key. + 5. In the main cluster (Cluster A), paste the value you copied into the **Remote Kibana API Key** field of the remote output configuration. + :::: -### Troubleshooting +7. Click **Save and apply settings**. -When integration syncing is enabled for a remote {{es}} output, the current sync status is reported in **{{fleet}} Settings** in the **Outputs** table. To see a detailed breakdown of the integration syncing status, click on the **Integration syncing** status badge. +You have now configured the automatic integrations synchronization between your main cluster (Cluster A) and your remote cluster (Cluster B). -You can also use the API to view the list of synced integrations with their sync status: +### Verify the integrations synchronization [verify-integrations-sync] -1. In the main cluster, go to **{{fleet}} Settings** and edit the remote {{es}} output to check. +When the integration synchronization is enabled for a remote {{es}} output, the current sync status is reported in **{{fleet}}** → **Settings**, in the **Outputs** section. To see a detailed breakdown of the integration syncing status, click the output's status in the **Integration syncing** column. The **Integrations syncing status** flyout opens with a list of the integrations and any custom assets in your main cluster and their current sync status. -2. Copy the output ID from the address in your browser. +You can also use the API to view the list of synced integrations with their sync status: -3. Go to **Management > Dev Tools**. +1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**, then open the remote {{es}} output to display its ID. +2. Copy the output ID from the address bar in your browser. +3. Go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. +4. Run the following query, replacing `` with the copied output ID: -4. Run the following query using the copied output ID: ```sh GET kbn:/api/fleet/remote_synced_integrations//remote_status ``` - This should return the list of synced integrations with their sync status. + + This API call returns the list of synced integrations with their sync status. ::::{note} -Syncing can take up to five minutes after an integration is installed, updated, or removed on the main cluster. +Synchronization can take up to five minutes after an integration is installed, updated, or removed on the main cluster. :::: +### View remote cluster data + +After the integrations synchronization feature is set up, the following {{ccs}} data views become available for each remote cluster that you configure: + +- `:logs-*` +- `:metrics-*` + +To display these data views, open {{kib}} in your main {{es}} cluster, then go to **Management** -> **Stack management** → **Data Views**. + +### Troubleshooting + +In this section, you can find tips for resolving the following issues: + +- [Integration syncing status failure](#integration-syncing-status-failure) +- [Integrations are not installed on the remote cluster](#integrations-are-not-installed-on-the-remote-cluster) +- [Uninstalled integrations are not uninstalled on the remote cluster](#uninstalled-integrations-are-not-uninstalled-on-the-remote-cluster) +- [Integration syncing fails with a retention leases error](#integration-syncing-fails-with-a-retention-leases-error) #### Integration syncing status failure -If integration syncing reports connection errors or fails to report the syncing status, take the following steps to verify your setup. +If the integration syncing reports connection errors or fails to report the syncing status, follow these steps to verify your setup: 1. In the remote cluster, check the integration sync status using the API: - 1. Go to **Management > Dev Tools**. + 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. 2. Run the following query: + ```sh GET kbn:/api/fleet/remote_synced_integrations/status ``` - This should return the list of synced integrations with their sync status. -2. If the above query returns an error, verify your setup on the remote cluster: + This API call returns the list of synced integrations with their sync status. + +2. If the above query returns an error, verify your setup: + + - ::::{dropdown} Verify your setup in the remote cluster + :open: + 1. In the remote cluster (Cluster B), go to **Management** → **Stack Management** → **Remote Clusters**. + 2. Check that the main cluster (Cluster A) is connected as a remote cluster. + 3. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**. + 4. Check that {{ccr}} using the main cluster as remote is correctly set up and is active. In particular, check that the name of the follower index `fleet-synced-integrations-ccr-` contains the name of the remote {{es}} output configured on the main cluster (Cluster A). + :::: + - ::::{dropdown} Verify your setup in the main cluster + :open: + 1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**. + 2. In the **Outputs** section, check that the remote {{es}} output is healthy. In particular, check that the remote {{es}} output's host URL matches the host URL of an {{es}} output on the remote cluster (Cluster B). + 3. Edit the remote {{es}} output, and check if the remote {{kib}} URL is correct, as well as the validity and privileges of the remote {{kib}} API key. + + Note that an incorrect value in either of these fields does not cause the output to become unhealthy, but it affects the integration synchronization. + :::: - 1. Go to **Stack Management > Remote Clusters**. - 2. Check that the main cluster is connected as a remote cluster. - 4. Go to **Stack Management > Cross-Cluster Replication**. - 3. Check that {{ccr}} using the main cluster as remote is correctly set up and active. In particular, check that the name of the follower index `fleet-synced-integrations-ccr-` contains the name of the remote {{es}} output on the main cluster. +#### Integrations are not installed on the remote cluster -3. Verify your setup in the main cluster: +1. In the main cluster (Cluster A), look for errors in the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. - 1. In {{fleet}}, open the **Settings** tab. - 1. Check that the remote {{es}} output is healthy. In particular, check that the remote host URL matches one of the {{es}} hosts on the remote cluster. - 2. Edit the remote {{es}} output and check that the remote {{kib}} URL is correct, as well as the validity and privileges of the remote {{kib}} API key. Note that an incorrect value in either of these fields will not cause the output to become unhealthy, but will affect integration syncing. +2. Check the contents of the leader index: -#### Integrations are not installed on the remote cluster + 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. + 2. Run the following query: + + ```sh + GET fleet-synced-integrations/_search + ``` -1. In the main cluster, look for errors in the integration syncing status of the remote {{es}} output in {{fleet}} **Settings** or using the API as described [previously](#troubleshooting). + The response payload includes the list of integrations with their install status. -2. Check the contents of the leader index: +3. In the remote cluster (Cluster B), check the contents of the follower index: - 1. Go to **Management > Dev Tools**. - 2. Run the following query - ```sh - GET fleet-synced-integrations/_search - ``` - The response payload should include the list of integrations with their install status. + 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. + 2. Run the following query, replacing `` with the name of the remote {{es}} output configured on the main cluster (Cluster A): -3. In the remote cluster, check the contents of the follower index: + ```sh + GET fleet-synced-integrations-ccr-/_search + ``` + + The response should match the the contents of the leader index on the main cluster. + +4. If there is a mismatch between the leader and follower index, wait up to five minutes for the next sync to be completed in each cluster. To check if the sync is completed, inspect the {{kib}} logs and look for the line `[SyncIntegrationsTask] runTask ended: success`. + +#### Uninstalled integrations are not uninstalled on the remote cluster + +This can happen if the integration cannot be uninstalled on the remote cluster (Cluster B), for example, if it has integration policies assigned to agent policies. To inspect the reason why an integration failed to be uninstalled in the remote cluster, review the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. + +#### Integration syncing fails with a retention leases error + +The integrations synchronization feature uses {{ccr}} to sync integration states between the main and the remote clusters. If a remote cluster is unreachable for a long time, the replication stops with a retention leases error. This results in the integration syncing failing with an "Operations are no longer available for replicating. Existing retention leases..." error. + +To resolve this issue, remove the follower index on the remote cluster (Cluster B), then re-add it manually to restart replication: + +1. In the remote cluster (Cluster B), go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. +2. Run the following query to find all indices that match `fleet-synced-integrations-ccr-*`: - 1. Go to **Management > Dev Tools** - 2. Run the following query: ```sh - GET fleet-synced-integrations-ccr-/_search + GET fleet-synced-integrations-ccr-* ``` - The response should match the the contents of the leader index on the main cluster. -4. If there is a mismatch between the leader and follower index, wait up to five minutes for the next sync to be completed in each cluster. You can check this by inspecting {{kib}} logs and looking for the line: `[SyncIntegrationsTask] runTask ended: success`. +3. To delete the follower index, run: -#### Uninstalled integrations are not uninstalled on the remote cluster + ```sh + DELETE fleet-synced-integrations-ccr- + ``` + + Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). -This can happen when the integration cannot be uninstalled on the remote cluster, for instance if it has integration policies assigned to agent policies. To inspect the reason why an integration failed to be uninstalled in the remote cluster, review the integration syncing status of the remote {{es}} output in {{fleet}} **Settings** or using the API as described [above](#troubleshooting). +4. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**, and re-add a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). +5. Click **Resume replication**. \ No newline at end of file From 4296290e58c506da11798529a5df071684ca5d35 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Tue, 22 Jul 2025 11:43:40 +0200 Subject: [PATCH 2/7] Small fixes based on review --- reference/fleet/remote-elasticsearch-output.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index 39e3ae064a..046c1f40a5 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -6,7 +6,6 @@ description: Remote ES output allows you to send agent data to a remote cluster, applies_to: stack: ga deployment: - eck: ga ess: ga ece: ga self: ga @@ -138,7 +137,7 @@ In your remote cluster (Cluster B): 5. In the remote output configuration on the main cluster (Cluster A), add the {{kib}} URL of the remote cluster (Cluster B) in the **Remote Kibana URL** field. 6. In the **Remote Kibana API Key** field, add an API key to access Kibana on the remote cluster (Cluster B). - ::::{dropdown} Create an API Key to access Kibana on the remote cluster + ::::{dropdown} Create an API key to access Kibana on the remote cluster :open: 1. Copy the API request located below the **Remote Kibana API Key** field. 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. @@ -179,7 +178,7 @@ After the integrations synchronization feature is set up, the following {{ccs}} - `:logs-*` - `:metrics-*` -To display these data views, open {{kib}} in your main {{es}} cluster, then go to **Management** -> **Stack management** → **Data Views**. +To display these data views, open {{kib}} in your main {{es}} cluster, then go to **Management** → **Stack management** → **Data Views**. ### Troubleshooting @@ -247,7 +246,7 @@ If the integration syncing reports connection errors or fails to report the sync GET fleet-synced-integrations-ccr-/_search ``` - The response should match the the contents of the leader index on the main cluster. + The response should match the contents of the leader index on the main cluster. 4. If there is a mismatch between the leader and follower index, wait up to five minutes for the next sync to be completed in each cluster. To check if the sync is completed, inspect the {{kib}} logs and look for the line `[SyncIntegrationsTask] runTask ended: success`. From 114c44a94082b8894dec832fddbc4a12191d3e43 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Tue, 22 Jul 2025 12:38:14 +0200 Subject: [PATCH 3/7] Add stepper formatting to remote ES output configuration section --- .../fleet/remote-elasticsearch-output.md | 118 ++++++++++++------ 1 file changed, 82 insertions(+), 36 deletions(-) diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index 046c1f40a5..02833727ec 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -31,53 +31,99 @@ These limitations apply to remote {{es}} output: To configure a remote {{es}} cluster for your {{agent}} data: -1. In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. -2. In the **Outputs** section, select **Add output**. -3. In the **Add new output** flyout, provide a name for the output, and select **Remote Elasticsearch** as the output type. -4. In the **Hosts** field, add the URL that {{agent}}s should use to access the remote {{es}} cluster (Cluster B). +:::::{stepper} - ::::{dropdown} Find the remote host address of the remote cluster - :open: - 1. In the remote cluster (Cluster B), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. - 2. In the **Outputs** section, copy the `Hosts` value of the default {{es}} output. If the value is not visible in full, edit the default {{es}} output to display the full value. - 3. In your main cluster (Cluster A), paste the value you copied into the **Hosts** field of the remote output configuration. - :::: +::::{step} +In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +:::: -5. In the **Service Token** field, add a service token to access the remote cluster (Cluster B). +::::{step} +In the **Outputs** section, select **Add output**. +:::: - ::::{dropdown} Create a service token to access the remote cluster - :open: - 1. Copy the API request located below the **Service Token** field. - 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. - 3. Paste the API request in the console, then run it. - 4. Copy the value for the generated service token. - 5. In the main cluster (Cluster A), paste the value you copied into the **Service Token** field of the remote output configuration. - :::: +::::{step} +In the **Add new output** flyout, provide a name for the output, and select **Remote Elasticsearch** as the output type. +:::: - ::::{note} - To prevent unauthorized access, the {{es}} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting, and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. To learn more about this option, check [Preconfiguration settings](kibana://reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases). - :::: +::::{step} +In the **Hosts** field, add the URL that {{agent}}s should use to access the remote {{es}} cluster (Cluster B). -6. Choose whether integrations should be automatically synchronized on the remote {{es}} cluster (Cluster B). To configure this feature, refer to the [Automatic integrations synchronization](#automatic-integrations-synchronization) section. +:::{dropdown} Find the remote host address of the remote cluster +:open: +1. In the remote cluster (Cluster B), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +2. In the **Outputs** section, copy the `Hosts` value of the default {{es}} output. If the value is not visible in full, edit the default {{es}} output to display the full value. +3. In your main cluster (Cluster A), paste the value you copied into the **Hosts** field of the remote output configuration. +::: +:::: - ::::{note} - This feature is only available with certain subscriptions. For more information, check [Subscriptions](https://www.elastic.co/subscriptions). - :::: +::::{step} +In the **Service Token** field, add a service token to access the remote cluster (Cluster B). + +:::{dropdown} Create a service token to access the remote cluster +:open: +1. Copy the API request located below the **Service Token** field. +2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. +3. Paste the API request in the console, then run it. +4. Copy the value for the generated service token. +5. In the main cluster (Cluster A), paste the value you copied into the **Service Token** field of the remote output configuration. +::: + +:::{note} +To prevent unauthorized access, the {{es}} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting, and store the password as plain text in the agent policy definition. Secret storage requires {{fleet-server}} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. To learn more about this option, check [Preconfiguration settings](kibana://reference/configuration-reference/fleet-settings.md#_preconfiguration_settings_for_advanced_use_cases). +::: +:::: + +::::{step} +Choose whether integrations should be automatically synchronized on the remote {{es}} cluster (Cluster B). To configure this feature, refer to the [Automatic integrations synchronization](#automatic-integrations-synchronization) section. -7. Choose whether the remote output should be the default for agent integrations or for agent monitoring data. When set as the default, {{agents}} use this output to send data if no other output is set in the [agent policy](/reference/fleet/agent-policy.md). -8. Select the [performance tuning settings](/reference/fleet/es-output-settings.md#es-output-settings-performance-tuning-settings) to optimize {{agent}}s for throughput, scale, or latency, or leave the default `balanced` setting. -9. Add any [advanced YAML configuration settings](/reference/fleet/es-output-settings.md#es-output-settings-yaml-config) that you’d like for the remote output. -10. Click **Save and apply settings**. +:::{note} +This feature is only available with certain subscriptions. For more information, refer to [Subscriptions](https://www.elastic.co/subscriptions). +::: +:::: + +::::{step} +Choose whether the remote output should be the default for agent integrations or for agent monitoring data. When set as the default, {{agents}} use this output to send data if no other output is set in the [agent policy](/reference/fleet/agent-policy.md). +:::: + +::::{step} +Select the [performance tuning settings](/reference/fleet/es-output-settings.md#es-output-settings-performance-tuning-settings) to optimize {{agent}}s for throughput, scale, or latency, or leave the default `balanced` setting. +:::: + +::::{step} +Add any [advanced YAML configuration settings](/reference/fleet/es-output-settings.md#es-output-settings-yaml-config) that you’d like for the remote output. +:::: + +::::{step} +Click **Save and apply settings**. +:::: + +::::: After the output is created, you can update an {{agent}} policy to use the new output, and send data to the remote {{es}} cluster: -1. In the main cluster (Cluster A), go to **{{fleet}}**, then open the **Agent policies** tab. -2. Click the agent policy you want to update, then click **Settings**. -3. To send integrations data, set the **Output for integrations** option to use the output that you configured in the previous steps. -4. To send {{agent}} monitoring data, set the **Output for agent monitoring** option to use the output that you configured in the previous steps. -5. Click **Save changes**. +:::::{stepper} + +::::{step} +In the main cluster (Cluster A), go to **{{fleet}}**, then open the **Agent policies** tab. +:::: + +::::{step} +Click the agent policy you want to update, then click **Settings**. +:::: + +::::{step} +To send integrations data, set the **Output for integrations** option to use the output that you configured in the previous steps. +:::: + +::::{step} +To send {{agent}} monitoring data, set the **Output for agent monitoring** option to use the output that you configured in the previous steps. +:::: + +::::{step} +Click **Save changes**. The remote {{es}} output is now configured for the remote cluster (Cluster B). +:::: -The remote {{es}} output is now configured for the remote cluster (Cluster B). +::::: If you choose not to synchronize integrations automatically, you need to make sure that for any integrations that are [added to your {{agent}} policy](/reference/fleet/add-integration-to-policy.md), the integration assets are also installed on the remote {{es}} cluster. For detailed steps on this process, refer to [Install and uninstall {{agent}} integration assets](/reference/fleet/install-uninstall-integration-assets.md). From a2127b91676e31daf7fae9596f783f140a9b7d35 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Tue, 22 Jul 2025 12:47:43 +0200 Subject: [PATCH 4/7] Add a new heading to separate different steps --- reference/fleet/remote-elasticsearch-output.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index 02833727ec..a6e43e3d43 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -99,6 +99,8 @@ Click **Save and apply settings**. ::::: +## Using the remote {{es}} output + After the output is created, you can update an {{agent}} policy to use the new output, and send data to the remote {{es}} cluster: :::::{stepper} From 2904161c4c00c8a6118ac3039f4bc0580e9d9306 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Tue, 22 Jul 2025 16:11:01 +0200 Subject: [PATCH 5/7] Move Automatic integrations synchronization to a new doc --- .../automatic-integrations-synchronization.md | 200 ++++++++++++++++++ .../fleet/remote-elasticsearch-output.md | 197 +---------------- reference/fleet/toc.yml | 2 + 3 files changed, 205 insertions(+), 194 deletions(-) create mode 100644 reference/fleet/automatic-integrations-synchronization.md diff --git a/reference/fleet/automatic-integrations-synchronization.md b/reference/fleet/automatic-integrations-synchronization.md new file mode 100644 index 0000000000..7d052d843b --- /dev/null +++ b/reference/fleet/automatic-integrations-synchronization.md @@ -0,0 +1,200 @@ +--- +navigation_title: Automatic integrations synchronization +description: The automatic integrations sync feature keeps integrations and custom assets synced between your management Elasticsearch cluster and one or more remote clusters. +applies_to: + stack: ga 9.1 + deployment: + ess: ga + ece: ga + self: ga +products: + - id: fleet + - id: elastic-agent +--- + +# Automatic integrations synchronization + +When enabled, this feature keeps integrations and custom assets synchronized between your main {{es}} cluster and one or more remote {{es}} clusters. + +::::{note} +Automatic integrations synchronization is only available with certain subscriptions. For more information, refer to [Subscriptions](https://www.elastic.co/subscriptions). +:::: + +## Requirements + +* To use this feature, you need a configured [remote {{es}} output](/reference/fleet/remote-elasticsearch-output.md) and a set up [{{ccr}}](/deploy-manage/tools/cross-cluster-replication.md). +* Remote clusters must be running the same {{es}} version as the main cluster, or a newer version that supports {{ccr}}. +* To install integrations, remote clusters require access to the [{{package-registry}}](/reference/fleet/index.md#package-registry-intro). + +## Configure {{ccr}} on the remote cluster + +In your remote cluster (Cluster B): + +1. Open the {{kib}} menu, and go to **Management** → **Stack Management** → **Remote Clusters**. +2. Select **Add a remote cluster**, then follow the steps to add your main cluster (where the remote {{es}} output is configured) as a remote cluster. + + ::::{note} + When prompted to add the remote cluster's _remote address_, enter your main cluster's proxy address: + + 1. In your main cluster (Cluster A), go to **Deployment** → **Manage this deployment** → **Security** (or go to `deployments//security`). + 2. Scroll to the **Remote cluster parameters** section, then copy the **Proxy Address**. + 3. In your remote cluster (Cluster B), enter the copied value in the **Remote address** field of the remote cluster setup. + :::: + + Refer to [Remote clusters](/deploy-manage/remote-clusters.md) for more details on how to add your main cluster (Cluster A) as a remote cluster. + +3. After the remote cluster is added, go to **Management** → **Stack Management** → **Cross-Cluster Replication**. +4. In the **Follower indices** tab, create a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name you provided in the remote output configuration. +5. Resume replication once the follower index is created. + + For more detailed instructions, refer to the [Set up cross-cluster replication](/deploy-manage/tools/cross-cluster-replication/set-up-cross-cluster-replication.md) guide. + +## Configure the integrations synchronization [integrations-sync-config] + +1. In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +2. In the **Outputs** section, edit the remote output for which you want to enable the automatic integrations synchronization. +3. Enable **Synchronize integrations**. +4. Choose whether uninstalled integrations should also be uninstalled on the remote cluster. +5. In the remote output configuration on the main cluster (Cluster A), add the {{kib}} URL of the remote cluster (Cluster B) in the **Remote Kibana URL** field. +6. In the **Remote Kibana API Key** field, add an API key to access Kibana on the remote cluster (Cluster B). + + ::::{dropdown} Create an API key to access Kibana on the remote cluster + :open: + 1. Copy the API request located below the **Remote Kibana API Key** field. + 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. + 3. Paste the API request in the console, then run it. + 4. Copy the encoded value of the generated API key. + 5. In the main cluster (Cluster A), paste the value you copied into the **Remote Kibana API Key** field of the remote output configuration. + :::: + +7. Click **Save and apply settings**. + +You have now configured the automatic integrations synchronization between your main cluster (Cluster A) and your remote cluster (Cluster B). + +## Verify the integrations synchronization [verify-integrations-sync] + +When the integration synchronization is enabled for a remote {{es}} output, the current sync status is reported in **{{fleet}}** → **Settings**, in the **Outputs** section. To see a detailed breakdown of the integration syncing status, click the output's status in the **Integration syncing** column. The **Integrations syncing status** flyout opens with a list of the integrations and any custom assets in your main cluster and their current sync status. + +You can also use the API to view the list of synced integrations with their sync status: + +1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**, then open the remote {{es}} output to display its ID. +2. Copy the output ID from the address bar in your browser. +3. Go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. +4. Run the following query, replacing `` with the copied output ID: + + ```sh + GET kbn:/api/fleet/remote_synced_integrations//remote_status + ``` + + This API call returns the list of synced integrations with their sync status. + +::::{note} +Synchronization can take up to five minutes after an integration is installed, updated, or removed on the main cluster. +:::: + +## View remote cluster data + +After the integrations synchronization feature is set up, the following {{ccs}} data views become available for each remote cluster that you configure: + +- `:logs-*` +- `:metrics-*` + +To display these data views, open {{kib}} in your main {{es}} cluster, then go to **Management** → **Stack management** → **Data Views**. + +## Troubleshooting + +In this section, you can find tips for resolving the following issues: + +- [Integration syncing status failure](#integration-syncing-status-failure) +- [Integrations are not installed on the remote cluster](#integrations-are-not-installed-on-the-remote-cluster) +- [Uninstalled integrations are not uninstalled on the remote cluster](#uninstalled-integrations-are-not-uninstalled-on-the-remote-cluster) +- [Integration syncing fails with a retention leases error](#integration-syncing-fails-with-a-retention-leases-error) + +### Integration syncing status failure + +If the integration syncing reports connection errors or fails to report the syncing status, follow these steps to verify your setup: + +1. In the remote cluster, check the integration sync status using the API: + + 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. + 2. Run the following query: + + ```sh + GET kbn:/api/fleet/remote_synced_integrations/status + ``` + + This API call returns the list of synced integrations with their sync status. + +2. If the above query returns an error, verify your setup: + + - ::::{dropdown} Verify your setup in the remote cluster + :open: + 1. In the remote cluster (Cluster B), go to **Management** → **Stack Management** → **Remote Clusters**. + 2. Check that the main cluster (Cluster A) is connected as a remote cluster. + 3. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**. + 4. Check that {{ccr}} using the main cluster as remote is correctly set up and is active. In particular, check that the name of the follower index `fleet-synced-integrations-ccr-` contains the name of the remote {{es}} output configured on the main cluster (Cluster A). + :::: + - ::::{dropdown} Verify your setup in the main cluster + :open: + 1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**. + 2. In the **Outputs** section, check that the remote {{es}} output is healthy. In particular, check that the remote {{es}} output's host URL matches the host URL of an {{es}} output on the remote cluster (Cluster B). + 3. Edit the remote {{es}} output, and check if the remote {{kib}} URL is correct, as well as the validity and privileges of the remote {{kib}} API key. + + Note that an incorrect value in either of these fields does not cause the output to become unhealthy, but it affects the integration synchronization. + :::: + +### Integrations are not installed on the remote cluster + +1. In the main cluster (Cluster A), look for errors in the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. + +2. Check the contents of the leader index: + + 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. + 2. Run the following query: + + ```sh + GET fleet-synced-integrations/_search + ``` + + The response payload includes the list of integrations with their install status. + +3. In the remote cluster (Cluster B), check the contents of the follower index: + + 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. + 2. Run the following query, replacing `` with the name of the remote {{es}} output configured on the main cluster (Cluster A): + + ```sh + GET fleet-synced-integrations-ccr-/_search + ``` + + The response should match the contents of the leader index on the main cluster. + +4. If there is a mismatch between the leader and follower index, wait up to five minutes for the next sync to be completed in each cluster. To check if the sync is completed, inspect the {{kib}} logs and look for the line `[SyncIntegrationsTask] runTask ended: success`. + +### Uninstalled integrations are not uninstalled on the remote cluster + +This can happen if the integration cannot be uninstalled on the remote cluster (Cluster B), for example, if it has integration policies assigned to agent policies. To inspect the reason why an integration failed to be uninstalled in the remote cluster, review the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. + +### Integration syncing fails with a retention leases error + +The integrations synchronization feature uses {{ccr}} to sync integration states between the main and the remote clusters. If a remote cluster is unreachable for a long time, the replication stops with a retention leases error. This results in the integration syncing failing with an "Operations are no longer available for replicating. Existing retention leases..." error. + +To resolve this issue, remove the follower index on the remote cluster (Cluster B), then re-add it manually to restart replication: + +1. In the remote cluster (Cluster B), go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. +2. Run the following query to find all indices that match `fleet-synced-integrations-ccr-*`: + + ```sh + GET fleet-synced-integrations-ccr-* + ``` + +3. To delete the follower index, run: + + ```sh + DELETE fleet-synced-integrations-ccr- + ``` + + Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). + +4. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**, and re-add a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). +5. Click **Resume replication**. \ No newline at end of file diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index a6e43e3d43..a9aab456c8 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -74,10 +74,10 @@ To prevent unauthorized access, the {{es}} Service Token is stored as a secret v :::: ::::{step} -Choose whether integrations should be automatically synchronized on the remote {{es}} cluster (Cluster B). To configure this feature, refer to the [Automatic integrations synchronization](#automatic-integrations-synchronization) section. +Choose whether integrations should be automatically synchronized on the remote {{es}} cluster (Cluster B). To configure this feature, refer to [Automatic integrations synchronization](/reference/fleet/automatic-integrations-synchronization.md). :::{note} -This feature is only available with certain subscriptions. For more information, refer to [Subscriptions](https://www.elastic.co/subscriptions). +Automatic integrations synchronization is only available with certain subscriptions. For more information, refer to [Subscriptions](https://www.elastic.co/subscriptions). ::: :::: @@ -133,195 +133,4 @@ If you choose not to synchronize integrations automatically, you need to make su When you use a remote {{es}} output, {{fleet-server}} performs a test to ensure connectivity to the remote cluster. The result of that connectivity test is used to report whether the remote output is healthy or unhealthy, and is displayed on the **{{fleet}}** → **Settings** → **Outputs** page, in the **Status** column. In some cases, the remote {{es}} output used for {{agent}} data can be reached by the {{agent}}s but not by {{fleet-server}}. In those cases, you can ignore the resulting unhealthy state of the output and the associated `Unable to connect` error on the UI. -:::: - -## Automatic integrations synchronization - -```{applies_to} -stack: ga 9.1 -``` - -When enabled, this feature keeps integrations and custom assets synchronized between your main {{es}} cluster and one or more remote {{es}} clusters. - -::::{note} -This feature is only available with certain subscriptions. For more information, check [Subscriptions](https://www.elastic.co/subscriptions). -:::: - -### Requirements - -* This feature requires setting up [{{ccr}}](/deploy-manage/tools/cross-cluster-replication.md). -* Remote clusters must be running the same {{es}} version as the main cluster, or a newer version that supports {{ccr}}. -* To install integrations, remote clusters require access to the [{{package-registry}}](/reference/fleet/index.md#package-registry-intro). - -### Configure {{ccr}} on the remote cluster - -In your remote cluster (Cluster B): - -1. Open the {{kib}} menu, and go to **Management** → **Stack Management** → **Remote Clusters**. -2. Select **Add a remote cluster**, then follow the steps to add your main cluster (where the remote {{es}} output is configured) as a remote cluster. - - ::::{note} - When prompted to add the remote cluster's _remote address_, enter your main cluster's proxy address: - - 1. In your main cluster (Cluster A), go to **Deployment** → **Manage this deployment** → **Security** (or go to `deployments//security`). - 2. Scroll to the **Remote cluster parameters** section, then copy the **Proxy Address**. - 3. In your remote cluster (Cluster B), enter the copied value in the **Remote address** field of the remote cluster setup. - :::: - - Refer to [Remote clusters](/deploy-manage/remote-clusters.md) for more details on how to add your main cluster (Cluster A) as a remote cluster. - -3. After the remote cluster is added, go to **Management** → **Stack Management** → **Cross-Cluster Replication**. -4. In the **Follower indices** tab, create a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name you provided in the remote output configuration. -5. Resume replication once the follower index is created. - - For more detailed instructions, refer to the [Set up cross-cluster replication](/deploy-manage/tools/cross-cluster-replication/set-up-cross-cluster-replication.md) guide. - -### Configure the integrations synchronization [integrations-sync-config] - -1. In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. -2. In the **Outputs** section, edit the remote output for which you want to enable the automatic integrations synchronization. -3. Enable **Synchronize integrations**. -4. Choose whether uninstalled integrations should also be uninstalled on the remote cluster. -5. In the remote output configuration on the main cluster (Cluster A), add the {{kib}} URL of the remote cluster (Cluster B) in the **Remote Kibana URL** field. -6. In the **Remote Kibana API Key** field, add an API key to access Kibana on the remote cluster (Cluster B). - - ::::{dropdown} Create an API key to access Kibana on the remote cluster - :open: - 1. Copy the API request located below the **Remote Kibana API Key** field. - 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. - 3. Paste the API request in the console, then run it. - 4. Copy the encoded value of the generated API key. - 5. In the main cluster (Cluster A), paste the value you copied into the **Remote Kibana API Key** field of the remote output configuration. - :::: - -7. Click **Save and apply settings**. - -You have now configured the automatic integrations synchronization between your main cluster (Cluster A) and your remote cluster (Cluster B). - -### Verify the integrations synchronization [verify-integrations-sync] - -When the integration synchronization is enabled for a remote {{es}} output, the current sync status is reported in **{{fleet}}** → **Settings**, in the **Outputs** section. To see a detailed breakdown of the integration syncing status, click the output's status in the **Integration syncing** column. The **Integrations syncing status** flyout opens with a list of the integrations and any custom assets in your main cluster and their current sync status. - -You can also use the API to view the list of synced integrations with their sync status: - -1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**, then open the remote {{es}} output to display its ID. -2. Copy the output ID from the address bar in your browser. -3. Go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. -4. Run the following query, replacing `` with the copied output ID: - - ```sh - GET kbn:/api/fleet/remote_synced_integrations//remote_status - ``` - - This API call returns the list of synced integrations with their sync status. - -::::{note} -Synchronization can take up to five minutes after an integration is installed, updated, or removed on the main cluster. -:::: - -### View remote cluster data - -After the integrations synchronization feature is set up, the following {{ccs}} data views become available for each remote cluster that you configure: - -- `:logs-*` -- `:metrics-*` - -To display these data views, open {{kib}} in your main {{es}} cluster, then go to **Management** → **Stack management** → **Data Views**. - -### Troubleshooting - -In this section, you can find tips for resolving the following issues: - -- [Integration syncing status failure](#integration-syncing-status-failure) -- [Integrations are not installed on the remote cluster](#integrations-are-not-installed-on-the-remote-cluster) -- [Uninstalled integrations are not uninstalled on the remote cluster](#uninstalled-integrations-are-not-uninstalled-on-the-remote-cluster) -- [Integration syncing fails with a retention leases error](#integration-syncing-fails-with-a-retention-leases-error) - -#### Integration syncing status failure - -If the integration syncing reports connection errors or fails to report the syncing status, follow these steps to verify your setup: - -1. In the remote cluster, check the integration sync status using the API: - - 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. - 2. Run the following query: - - ```sh - GET kbn:/api/fleet/remote_synced_integrations/status - ``` - - This API call returns the list of synced integrations with their sync status. - -2. If the above query returns an error, verify your setup: - - - ::::{dropdown} Verify your setup in the remote cluster - :open: - 1. In the remote cluster (Cluster B), go to **Management** → **Stack Management** → **Remote Clusters**. - 2. Check that the main cluster (Cluster A) is connected as a remote cluster. - 3. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**. - 4. Check that {{ccr}} using the main cluster as remote is correctly set up and is active. In particular, check that the name of the follower index `fleet-synced-integrations-ccr-` contains the name of the remote {{es}} output configured on the main cluster (Cluster A). - :::: - - ::::{dropdown} Verify your setup in the main cluster - :open: - 1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**. - 2. In the **Outputs** section, check that the remote {{es}} output is healthy. In particular, check that the remote {{es}} output's host URL matches the host URL of an {{es}} output on the remote cluster (Cluster B). - 3. Edit the remote {{es}} output, and check if the remote {{kib}} URL is correct, as well as the validity and privileges of the remote {{kib}} API key. - - Note that an incorrect value in either of these fields does not cause the output to become unhealthy, but it affects the integration synchronization. - :::: - -#### Integrations are not installed on the remote cluster - -1. In the main cluster (Cluster A), look for errors in the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. - -2. Check the contents of the leader index: - - 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. - 2. Run the following query: - - ```sh - GET fleet-synced-integrations/_search - ``` - - The response payload includes the list of integrations with their install status. - -3. In the remote cluster (Cluster B), check the contents of the follower index: - - 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. - 2. Run the following query, replacing `` with the name of the remote {{es}} output configured on the main cluster (Cluster A): - - ```sh - GET fleet-synced-integrations-ccr-/_search - ``` - - The response should match the contents of the leader index on the main cluster. - -4. If there is a mismatch between the leader and follower index, wait up to five minutes for the next sync to be completed in each cluster. To check if the sync is completed, inspect the {{kib}} logs and look for the line `[SyncIntegrationsTask] runTask ended: success`. - -#### Uninstalled integrations are not uninstalled on the remote cluster - -This can happen if the integration cannot be uninstalled on the remote cluster (Cluster B), for example, if it has integration policies assigned to agent policies. To inspect the reason why an integration failed to be uninstalled in the remote cluster, review the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. - -#### Integration syncing fails with a retention leases error - -The integrations synchronization feature uses {{ccr}} to sync integration states between the main and the remote clusters. If a remote cluster is unreachable for a long time, the replication stops with a retention leases error. This results in the integration syncing failing with an "Operations are no longer available for replicating. Existing retention leases..." error. - -To resolve this issue, remove the follower index on the remote cluster (Cluster B), then re-add it manually to restart replication: - -1. In the remote cluster (Cluster B), go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. -2. Run the following query to find all indices that match `fleet-synced-integrations-ccr-*`: - - ```sh - GET fleet-synced-integrations-ccr-* - ``` - -3. To delete the follower index, run: - - ```sh - DELETE fleet-synced-integrations-ccr- - ``` - - Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). - -4. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**, and re-add a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). -5. Click **Resume replication**. \ No newline at end of file +:::: \ No newline at end of file diff --git a/reference/fleet/toc.yml b/reference/fleet/toc.yml index 711d0b8ec5..32c2b0d456 100644 --- a/reference/fleet/toc.yml +++ b/reference/fleet/toc.yml @@ -70,6 +70,8 @@ toc: - file: ls-output-settings.md - file: kafka-output-settings.md - file: remote-elasticsearch-output.md + children: + - file: automatic-integrations-synchronization.md - file: fleet-settings-changing-outputs.md - file: manage-agents.md children: From de948722d3edb0b2cc048ffe3b7157a682b0d835 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Wed, 23 Jul 2025 10:46:11 +0200 Subject: [PATCH 6/7] Fixed cluster naming, removed unnecessary stepper --- .../automatic-integrations-synchronization.md | 64 +++++++++---------- .../fleet/remote-elasticsearch-output.md | 28 ++------ 2 files changed, 38 insertions(+), 54 deletions(-) diff --git a/reference/fleet/automatic-integrations-synchronization.md b/reference/fleet/automatic-integrations-synchronization.md index 7d052d843b..39c4b3a5f4 100644 --- a/reference/fleet/automatic-integrations-synchronization.md +++ b/reference/fleet/automatic-integrations-synchronization.md @@ -23,61 +23,61 @@ Automatic integrations synchronization is only available with certain subscripti ## Requirements * To use this feature, you need a configured [remote {{es}} output](/reference/fleet/remote-elasticsearch-output.md) and a set up [{{ccr}}](/deploy-manage/tools/cross-cluster-replication.md). -* Remote clusters must be running the same {{es}} version as the main cluster, or a newer version that supports {{ccr}}. +* Remote clusters must be running the same {{es}} version as the management cluster, or a newer version that supports {{ccr}}. * To install integrations, remote clusters require access to the [{{package-registry}}](/reference/fleet/index.md#package-registry-intro). ## Configure {{ccr}} on the remote cluster -In your remote cluster (Cluster B): +In your remote cluster: 1. Open the {{kib}} menu, and go to **Management** → **Stack Management** → **Remote Clusters**. -2. Select **Add a remote cluster**, then follow the steps to add your main cluster (where the remote {{es}} output is configured) as a remote cluster. +2. Select **Add a remote cluster**, then follow the steps to add your management cluster (where the remote {{es}} output is configured) as a remote cluster. ::::{note} - When prompted to add the remote cluster's _remote address_, enter your main cluster's proxy address: + When prompted to add the remote cluster's _remote address_, enter your management cluster's proxy address: - 1. In your main cluster (Cluster A), go to **Deployment** → **Manage this deployment** → **Security** (or go to `deployments//security`). + 1. In your management cluster, go to **Deployment** → **Manage this deployment** → **Security** (or go to `deployments//security`). 2. Scroll to the **Remote cluster parameters** section, then copy the **Proxy Address**. - 3. In your remote cluster (Cluster B), enter the copied value in the **Remote address** field of the remote cluster setup. + 3. In your remote cluster, enter the copied value in the **Remote address** field of the remote cluster setup. :::: - Refer to [Remote clusters](/deploy-manage/remote-clusters.md) for more details on how to add your main cluster (Cluster A) as a remote cluster. + Refer to [Remote clusters](/deploy-manage/remote-clusters.md) for more details on how to add your management cluster as a remote cluster. 3. After the remote cluster is added, go to **Management** → **Stack Management** → **Cross-Cluster Replication**. -4. In the **Follower indices** tab, create a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name you provided in the remote output configuration. +4. In the **Follower indices** tab, create a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the management cluster. Replace `` with the name you provided in the remote output configuration. 5. Resume replication once the follower index is created. For more detailed instructions, refer to the [Set up cross-cluster replication](/deploy-manage/tools/cross-cluster-replication/set-up-cross-cluster-replication.md) guide. ## Configure the integrations synchronization [integrations-sync-config] -1. In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +1. In your management {{es}} cluster, open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. 2. In the **Outputs** section, edit the remote output for which you want to enable the automatic integrations synchronization. 3. Enable **Synchronize integrations**. 4. Choose whether uninstalled integrations should also be uninstalled on the remote cluster. -5. In the remote output configuration on the main cluster (Cluster A), add the {{kib}} URL of the remote cluster (Cluster B) in the **Remote Kibana URL** field. -6. In the **Remote Kibana API Key** field, add an API key to access Kibana on the remote cluster (Cluster B). +5. In the remote output configuration on the management cluster, add the {{kib}} URL of the remote cluster in the **Remote Kibana URL** field. +6. In the **Remote Kibana API Key** field, add an API key to access Kibana on the remote cluster. ::::{dropdown} Create an API key to access Kibana on the remote cluster :open: 1. Copy the API request located below the **Remote Kibana API Key** field. - 2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. + 2. In the remote cluster, open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. 3. Paste the API request in the console, then run it. 4. Copy the encoded value of the generated API key. - 5. In the main cluster (Cluster A), paste the value you copied into the **Remote Kibana API Key** field of the remote output configuration. + 5. In the management cluster, paste the value you copied into the **Remote Kibana API Key** field of the remote output configuration. :::: 7. Click **Save and apply settings**. -You have now configured the automatic integrations synchronization between your main cluster (Cluster A) and your remote cluster (Cluster B). +You have now configured the automatic integrations synchronization between your management cluster and your remote cluster. ## Verify the integrations synchronization [verify-integrations-sync] -When the integration synchronization is enabled for a remote {{es}} output, the current sync status is reported in **{{fleet}}** → **Settings**, in the **Outputs** section. To see a detailed breakdown of the integration syncing status, click the output's status in the **Integration syncing** column. The **Integrations syncing status** flyout opens with a list of the integrations and any custom assets in your main cluster and their current sync status. +When the integration synchronization is enabled for a remote {{es}} output, the current sync status is reported in **{{fleet}}** → **Settings**, in the **Outputs** section. To see a detailed breakdown of the integration syncing status, click the output's status in the **Integration syncing** column. The **Integrations syncing status** flyout opens with a list of the integrations and any custom assets in your management cluster and their current sync status. You can also use the API to view the list of synced integrations with their sync status: -1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**, then open the remote {{es}} output to display its ID. +1. In the management cluster, go to **{{fleet}}** → **Settings**, then open the remote {{es}} output to display its ID. 2. Copy the output ID from the address bar in your browser. 3. Go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. 4. Run the following query, replacing `` with the copied output ID: @@ -89,7 +89,7 @@ You can also use the API to view the list of synced integrations with their sync This API call returns the list of synced integrations with their sync status. ::::{note} -Synchronization can take up to five minutes after an integration is installed, updated, or removed on the main cluster. +Synchronization can take up to five minutes after an integration is installed, updated, or removed on the management cluster. :::: ## View remote cluster data @@ -129,15 +129,15 @@ If the integration syncing reports connection errors or fails to report the sync - ::::{dropdown} Verify your setup in the remote cluster :open: - 1. In the remote cluster (Cluster B), go to **Management** → **Stack Management** → **Remote Clusters**. - 2. Check that the main cluster (Cluster A) is connected as a remote cluster. + 1. In the remote cluster, go to **Management** → **Stack Management** → **Remote Clusters**. + 2. Check that the management cluster is connected as a remote cluster. 3. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**. - 4. Check that {{ccr}} using the main cluster as remote is correctly set up and is active. In particular, check that the name of the follower index `fleet-synced-integrations-ccr-` contains the name of the remote {{es}} output configured on the main cluster (Cluster A). + 4. Check that {{ccr}} using the management cluster as remote is correctly set up and is active. In particular, check that the name of the follower index `fleet-synced-integrations-ccr-` contains the name of the remote {{es}} output configured on the management cluster. :::: - - ::::{dropdown} Verify your setup in the main cluster + - ::::{dropdown} Verify your setup in the management cluster :open: - 1. In the main cluster (Cluster A), go to **{{fleet}}** → **Settings**. - 2. In the **Outputs** section, check that the remote {{es}} output is healthy. In particular, check that the remote {{es}} output's host URL matches the host URL of an {{es}} output on the remote cluster (Cluster B). + 1. In the management cluster, go to **{{fleet}}** → **Settings**. + 2. In the **Outputs** section, check that the remote {{es}} output is healthy. In particular, check that the remote {{es}} output's host URL matches the host URL of an {{es}} output on the remote cluster. 3. Edit the remote {{es}} output, and check if the remote {{kib}} URL is correct, as well as the validity and privileges of the remote {{kib}} API key. Note that an incorrect value in either of these fields does not cause the output to become unhealthy, but it affects the integration synchronization. @@ -145,7 +145,7 @@ If the integration syncing reports connection errors or fails to report the sync ### Integrations are not installed on the remote cluster -1. In the main cluster (Cluster A), look for errors in the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. +1. In the management cluster, look for errors in the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. 2. Check the contents of the leader index: @@ -158,30 +158,30 @@ If the integration syncing reports connection errors or fails to report the sync The response payload includes the list of integrations with their install status. -3. In the remote cluster (Cluster B), check the contents of the follower index: +3. In the remote cluster, check the contents of the follower index: 1. Go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. - 2. Run the following query, replacing `` with the name of the remote {{es}} output configured on the main cluster (Cluster A): + 2. Run the following query, replacing `` with the name of the remote {{es}} output configured on the management cluster: ```sh GET fleet-synced-integrations-ccr-/_search ``` - The response should match the contents of the leader index on the main cluster. + The response should match the contents of the leader index on the management cluster. 4. If there is a mismatch between the leader and follower index, wait up to five minutes for the next sync to be completed in each cluster. To check if the sync is completed, inspect the {{kib}} logs and look for the line `[SyncIntegrationsTask] runTask ended: success`. ### Uninstalled integrations are not uninstalled on the remote cluster -This can happen if the integration cannot be uninstalled on the remote cluster (Cluster B), for example, if it has integration policies assigned to agent policies. To inspect the reason why an integration failed to be uninstalled in the remote cluster, review the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. +This can happen if the integration cannot be uninstalled on the remote cluster, for example, if it has integration policies assigned to agent policies. To inspect the reason why an integration failed to be uninstalled in the remote cluster, review the integration syncing status of the remote {{es}} output in **{{fleet}}** → **Settings**, or use the API as described in the [Verify the integrations synchronization](#verify-integrations-sync) section. ### Integration syncing fails with a retention leases error The integrations synchronization feature uses {{ccr}} to sync integration states between the main and the remote clusters. If a remote cluster is unreachable for a long time, the replication stops with a retention leases error. This results in the integration syncing failing with an "Operations are no longer available for replicating. Existing retention leases..." error. -To resolve this issue, remove the follower index on the remote cluster (Cluster B), then re-add it manually to restart replication: +To resolve this issue, remove the follower index on the remote cluster, then re-add it manually to restart replication: -1. In the remote cluster (Cluster B), go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. +1. In the remote cluster, go to **Management** → **Dev Tools**, or to **Developer tools** in {{ecloud}} deployments. 2. Run the following query to find all indices that match `fleet-synced-integrations-ccr-*`: ```sh @@ -194,7 +194,7 @@ To resolve this issue, remove the follower index on the remote cluster (Cluster DELETE fleet-synced-integrations-ccr- ``` - Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). + Replace `` with the name of the remote {{es}} output configured on the management cluster. -4. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**, and re-add a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the main cluster. Replace `` with the name of the remote {{es}} output configured on the main cluster (Cluster A). +4. Go to **Management** → **Stack Management** → **Cross-Cluster Replication**, and re-add a follower index named `fleet-synced-integrations-ccr-` that replicates the `fleet-synced-integrations` leader index on the management cluster. Replace `` with the name of the remote {{es}} output configured on the management cluster. 5. Click **Resume replication**. \ No newline at end of file diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index a9aab456c8..4f635de005 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -103,29 +103,13 @@ Click **Save and apply settings**. After the output is created, you can update an {{agent}} policy to use the new output, and send data to the remote {{es}} cluster: -:::::{stepper} +1. In the main cluster (Cluster A), go to **{{fleet}}**, then open the **Agent policies** tab. +2. Click the agent policy you want to update, then click **Settings**. +3. To send integrations data, set the **Output for integrations** option to use the output that you configured in the previous steps. +4. To send {{agent}} monitoring data, set the **Output for agent monitoring** option to use the output that you configured in the previous steps. +5. Click **Save changes**. -::::{step} -In the main cluster (Cluster A), go to **{{fleet}}**, then open the **Agent policies** tab. -:::: - -::::{step} -Click the agent policy you want to update, then click **Settings**. -:::: - -::::{step} -To send integrations data, set the **Output for integrations** option to use the output that you configured in the previous steps. -:::: - -::::{step} -To send {{agent}} monitoring data, set the **Output for agent monitoring** option to use the output that you configured in the previous steps. -:::: - -::::{step} -Click **Save changes**. The remote {{es}} output is now configured for the remote cluster (Cluster B). -:::: - -::::: +The remote {{es}} output is now configured for the remote cluster. If you choose not to synchronize integrations automatically, you need to make sure that for any integrations that are [added to your {{agent}} policy](/reference/fleet/add-integration-to-policy.md), the integration assets are also installed on the remote {{es}} cluster. For detailed steps on this process, refer to [Install and uninstall {{agent}} integration assets](/reference/fleet/install-uninstall-integration-assets.md). From 130d4e015b3866c4f9b0b2ed3c8815359a1916c4 Mon Sep 17 00:00:00 2001 From: Visha Angelova Date: Thu, 24 Jul 2025 20:35:51 +0200 Subject: [PATCH 7/7] More cluster naming fixes --- .../automatic-integrations-synchronization.md | 4 ++-- .../fleet/remote-elasticsearch-output.md | 20 +++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/reference/fleet/automatic-integrations-synchronization.md b/reference/fleet/automatic-integrations-synchronization.md index 39c4b3a5f4..cf1f5b1b68 100644 --- a/reference/fleet/automatic-integrations-synchronization.md +++ b/reference/fleet/automatic-integrations-synchronization.md @@ -99,7 +99,7 @@ After the integrations synchronization feature is set up, the following {{ccs}} - `:logs-*` - `:metrics-*` -To display these data views, open {{kib}} in your main {{es}} cluster, then go to **Management** → **Stack management** → **Data Views**. +To display these data views, open {{kib}} in your management {{es}} cluster, then go to **Management** → **Stack management** → **Data Views**. ## Troubleshooting @@ -177,7 +177,7 @@ This can happen if the integration cannot be uninstalled on the remote cluster, ### Integration syncing fails with a retention leases error -The integrations synchronization feature uses {{ccr}} to sync integration states between the main and the remote clusters. If a remote cluster is unreachable for a long time, the replication stops with a retention leases error. This results in the integration syncing failing with an "Operations are no longer available for replicating. Existing retention leases..." error. +The integrations synchronization feature uses {{ccr}} to sync integration states between the management and the remote clusters. If a remote cluster is unreachable for a long time, the replication stops with a retention leases error. This results in the integration syncing failing with an "Operations are no longer available for replicating. Existing retention leases..." error. To resolve this issue, remove the follower index on the remote cluster, then re-add it manually to restart replication: diff --git a/reference/fleet/remote-elasticsearch-output.md b/reference/fleet/remote-elasticsearch-output.md index 9f4b0f8f01..eef3820daa 100644 --- a/reference/fleet/remote-elasticsearch-output.md +++ b/reference/fleet/remote-elasticsearch-output.md @@ -18,7 +18,7 @@ products: Remote {{es}} outputs allow you to send {{agent}} data to a remote {{es}} cluster. This is especially useful for data that you want to keep separate and independent from the deployment where you use {{fleet}} to manage the {{agent}}s. -A remote {{es}} cluster supports the same [output settings](/reference/fleet/es-output-settings.md) as your main {{es}} cluster. +A remote {{es}} cluster supports the same [output settings](/reference/fleet/es-output-settings.md) as your management {{es}} cluster. ## Limitations @@ -34,7 +34,7 @@ To configure a remote {{es}} cluster for your {{agent}} data: :::::{stepper} ::::{step} -In your main {{es}} cluster (Cluster A), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +In your management {{es}} cluster, open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. :::: ::::{step} @@ -46,26 +46,26 @@ In the **Add new output** flyout, provide a name for the output, and select **Re :::: ::::{step} -In the **Hosts** field, add the URL that {{agent}}s should use to access the remote {{es}} cluster (Cluster B). +In the **Hosts** field, add the URL that {{agent}}s should use to access the remote {{es}} cluster. :::{dropdown} Find the remote host address of the remote cluster :open: -1. In the remote cluster (Cluster B), open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. +1. In the remote cluster, open {{kib}}, and search for **Fleet settings** in the search bar. Select **Fleet/Settings** in the results. 2. In the **Outputs** section, copy the `Hosts` value of the default {{es}} output. If the value is not visible in full, edit the default {{es}} output to display the full value. -3. In your main cluster (Cluster A), paste the value you copied into the **Hosts** field of the remote output configuration. +3. In your management cluster, paste the value you copied into the **Hosts** field of the remote output configuration. ::: :::: ::::{step} -In the **Service Token** field, add a service token to access the remote cluster (Cluster B). +In the **Service Token** field, add a service token to access the remote cluster. :::{dropdown} Create a service token to access the remote cluster :open: 1. Copy the API request located below the **Service Token** field. -2. In the remote cluster (Cluster B), open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. +2. In the remote cluster, open the {{kib}} menu, then go to **Management** → **Dev Tools** in self-managed deployments, or to **Developer tools** in {{ecloud}} deployments. 3. Paste the API request in the console, then run it. 4. Copy the value for the generated service token. -5. In the main cluster (Cluster A), paste the value you copied into the **Service Token** field of the remote output configuration. +5. In the management cluster, paste the value you copied into the **Service Token** field of the remote output configuration. ::: :::{note} @@ -74,7 +74,7 @@ To prevent unauthorized access, the {{es}} Service Token is stored as a secret v :::: ::::{step} -Choose whether integrations should be automatically synchronized on the remote {{es}} cluster (Cluster B). To configure this feature, refer to [Automatic integrations synchronization](/reference/fleet/automatic-integrations-synchronization.md). +Choose whether integrations should be automatically synchronized on the remote {{es}} cluster. To configure this feature, refer to [Automatic integrations synchronization](/reference/fleet/automatic-integrations-synchronization.md). :::{note} Automatic integrations synchronization is only available with certain subscriptions. For more information, refer to [Subscriptions](https://www.elastic.co/subscriptions). @@ -103,7 +103,7 @@ Click **Save and apply settings**. After the output is created, you can update an {{agent}} policy to use the new output, and send data to the remote {{es}} cluster: -1. In the main cluster (Cluster A), go to **{{fleet}}**, then open the **Agent policies** tab. +1. In the management cluster, go to **{{fleet}}**, then open the **Agent policies** tab. 2. Click the agent policy you want to update, then click **Settings**. 3. To send integrations data, set the **Output for integrations** option to use the output that you configured in the previous steps. 4. To send {{agent}} monitoring data, set the **Output for agent monitoring** option to use the output that you configured in the previous steps.