Skip to content

Fleetserver connectivity requirments when using an elasticsearch remote output #4244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vishaangelova merged 4 commits into from
Jan 13, 2026
Merged

Fleetserver connectivity requirments when using an elasticsearch remote output #4244

vishaangelova merged 4 commits into from
Jan 13, 2026

Conversation

@mjmbischoff
Copy link
Contributor

@mjmbischoff mjmbischoff commented Dec 9, 2025
edited
Loading

In addition to connectivity check the fleet server also creates apikeys using the service token. This is currently not documented well, moreover we currently lead users astray telling them to ignore the output health.

This PR only addresses the note, a more elaborate section should be added to guide the user.

Summary

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes
  • No

@mjmbischoff
Update remote-elasticsearch-output.md
f5a10c5 
In addition to connectivity check the fleet server also creates apikeys using the service token. This is currently not documented well, moreover we currently lead users astray telling them to ignore the output health.
@mjmbischoff mjmbischoff requested a review from a team as a code owner December 9, 2025 09:39
@mjmbischoff mjmbischoff self-assigned this Dec 9, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 9, 2025
edited
Loading

Vale Linting Results

Summary: 1 suggestion found

💡 Suggestions (1)
File Line Rule Message
reference/fleet/remote-elasticsearch-output.md 122 Elastic.Wordiness Consider using 'sometimes' instead of 'In some cases'.

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 9, 2025
edited
Loading

🔍 Preview links for changed docs

@mjmbischoff mjmbischoff changed the title Fleetserver connectivity requirments when usign an elasticsearch remote output Fleetserver connectivity requirments when using an elasticsearch remote output Dec 10, 2025
@bmorelli25
Copy link
Member

bmorelli25 commented Dec 16, 2025

Thanks for the contribution! @vishaangelova can you please give this an editorial review.

@vishaangelova
Copy link
Contributor

vishaangelova commented Dec 18, 2025

Thank you, @mjmbischoff!

After considering your addition at the end of the note, I think it might actually be better to move this out of the note and add it as a separate item under the Limitations section, for example like this:

* {{fleet-server}} must be able to reach the remote {{es}} cluster with a service token to create API keys for any {{agents}} that use the remote {{es}} output.

I hope I understood this correctly, but let me know if not or if I’m missing something.

a more elaborate section should be added to guide the user

Would you mind opening a docs issue with some more details about this?

@mjmbischoff
Copy link
Contributor Author

mjmbischoff commented Dec 23, 2025
edited
Loading

I hope I understood this correctly, but let me know if not or if I’m missing something.

Yeah, I think that description is fine. I'm not too particular about the location. What does need some sort of update is the "In some cases, the remote {{es}} output used for {{agent}} data can be reached by the {{agent}}s but not by {{fleet-server}}. In those cases, you can ignore the resulting unhealthy state of the output and the associated Unable to connect error on the UI." part as it gives the illusion that there is a scenario where we can ignore the health, but authentication is always required.

Would you mind opening a docs issue with some more details about this?

That's actually quite tricky as I'm unsure who on the dev side of things is responsible for this part.

vishaangelova
vishaangelova approved these changes Jan 13, 2026
View reviewed changes
Copy link
Contributor

@vishaangelova vishaangelova left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’ve updated the PR to include the suggested changes from the tech writer review (commit), so LGTM.

@mjmbischoff
Copy link
Contributor Author

mjmbischoff commented Jan 13, 2026

Changes are good.

We'll follow up with general documentation around how things are put together in other PR's, and this addresses the immediate concerns. Thank you @vishaangelova

@vishaangelova vishaangelova merged commit 5e20b22 into main Jan 13, 2026
8 checks passed
@vishaangelova vishaangelova deleted the mjmbischoff-patch-2 branch January 13, 2026 11:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vishaangelova vishaangelova vishaangelova approved these changes

Assignees

@mjmbischoff mjmbischoff

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mjmbischoff @bmorelli25 @vishaangelova