custom logs

http

Using the custom api logs integration is tricky, and not recommended. Elastic recommends using the Common Expression Language (cel) version now, but I don’t know that yet.

Get agent status

Get the agent status using the get agents api.

Use something like the following to get the unhealthy or offline agents.

https://kibana.k8s.wafflelab.online:5601/api/fleet/agents?perPage=100&showInactive=true&getStatusSummary=true&kuery=status:unhealthy%20or%20status:offline

Do api authorization by setting the request transforms to the following:

- set:
    target: headers.Authorization
    value: "API KEY"
- set:
    target: headers.kbn-xsrf
    value: true

The kbn-xsrf header is necessary to get around xsrf protections in kibana.