[Website]: Improve documentation for Fleet -> remote Elasticsearch output #4026

@laraMorenoIgle

Description

Type of issue

None

What documentation page is affected

https://www.elastic.co/docs/reference/fleet/remote-elasticsearch-output

What happened?

Several suggestions:

  1. Write a note that states clearly that the Fleet Server managing the agents needs to have access to the Elasticsearch cluster configured as the remote Elasticsearch output.

    Some more detail: during the configuration of the remote output, you need to get a service token on the remote cluster.
    It is important to note that the service token just gives the Fleet Server the rights to create the API key that will be used by the Elastic Agent for the ingestion into the remote Elasticsearch cluster.
    So Fleet Server will connect to the remote Elasticsearch using the service token to generate the API key.

  2. Per the previous point, the note at the bottom of the page https://www.elastic.co/docs/reference/fleet/remote-elasticsearch-output is not completely accurate:

    > In some cases, the remote Elasticsearch output used for Elastic Agent data can be reached by the Elastic Agents but not by Fleet Server. In those cases, you can ignore the resulting unhealthy state of the output and the associated Unable to connect error on the UI.

    The "some cases" makes the sentence vague and could lead readers to think that the connectivity is not required. In fact, the connectivity is still required, but in some scenarios with multiple Fleet Servers that error could be harmless as long as one of the Fleet Servers has access to the remote cluster to use the service token and set up everything.

Consider for example this text for the note:

> The Fleet Server will attempt to test all the Elasticsearch Remote Outputs.
> If, for instance, you have 3 different Fleet Servers with different scopes, it can be expected that 1 Fleet Server is able to reach an Elasticsearch Remote Output but not the others.
> In that case, the Elasticsearch Remote Output will be marked as unhealthy. But this can be ignored as long as the Fleet Server that needs to have access to such Elasticsearch Remote Output does have it.

  3. Users may need to add SSL settings for Fleet Server to connect to the remote Elasticsearch (that's missing in the doc completely).
    It is not clear in https://www.elastic.co/docs/reference/fleet/remote-elasticsearch-output how to do that.
    We could either add some screenshots there explaining how to do it, or at least add some links pointing to the documentation:
    https://www.elastic.co/docs/reference/fleet/tls-overview#output-ssl-options
    Please note that the latest versions do have the options, but older ones (for instance, 9.0.1) don't, and you need to add the ssl.certificate_authorities in Advanced YAML configuration.

  4. Also please note that there was a bug fixed on 8.15.0 onwards, "[Fleet] Remote Elasticsearch output do not support custom ssl certificate" (fleet-server#3490), that ignored the SSL settings in Advanced YAML configuration.

Additional info

No response
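
For the case raised in suggestion 3, where the output form has no SSL fields, a sketch of what could go into the remote Elasticsearch output's Advanced YAML configuration box. This is an added example, not text from the issue or from the Elastic documentation; the file path and the certificate body are placeholders.

```yaml
# Added example: Advanced YAML configuration of a remote Elasticsearch output.
# Per the issue, Fleet Server ignored SSL settings placed here until the fix
# tracked in fleet-server#3490 (8.15.0 onwards).

# Option A: reference the CA by file path.
# Assumption: the file must exist at this path on every host that uses the
# output, which includes the Fleet Server that connects with the service
# token as well as the Elastic Agents that ship data.
ssl.certificate_authorities:
  - /path/to/remote-es-ca.crt   # placeholder path

# Option B: embed the CA certificate instead, so no file has to be
# distributed to the hosts. Use it in place of Option A, not alongside it.
# ssl.certificate_authorities:
#   - |
#     -----BEGIN CERTIFICATE-----
#     <PEM body of the remote cluster's CA certificate>
#     -----END CERTIFICATE-----
```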
