We have deployed multiple Logstash instances to separate geolocations and there are multiple Beats instances connected to each Logstash instance in their own geolocation. In a way, it is a distributed setup to different sites, so each site has their own set of Beats and one Logstash instance. All the Logstash instances are connected to a central Elasticsearch cluster.
None of the Beats are allowed to talk directly to the Elasticsearch cluster, only Logstash instances are connected to the Elasticsearch cluster directly.
With this in mind, it would be really handy if there would be a way to enable Beats monitoring and centralized configuration through Logstash, so we wouldn't need to enable port forward on each of the Logstash machines, but we could just add a new input and output in Logstash configurations in order to enable Beats management through Logstash.
Is this something you have been thinking about, or what are your thoughts about my suggestion?