Best approach to reuse an already existing ELK enviroment to monitor a new E-Commerce Env

Good morning.

I've been requested to use an already existing ELK environment that until now has been used to monitor a single E-Commerce App environment.
The client is asking me now to reuse this ELK environment to monitor a new group of servers that compose an different E-Commerce environment.

Currently, I don't have access to the ELK environment but I know that they use File and Metricbeats to send data directly to the ES servers.

I have some doubts about what should be the best approach when I have to monitor two environments by using beat's custom dashboards for both of them.

I guess that during the initial installation of ELK, the person who installed it, used a default index configuration from the filebeats (filebeat setup -e) to create the index templates, the datastreams, and to upload the dashboards.
One of my fears is that if I do the same, the data of both E-Commerce environments will get mixed in the same Indices, and therefore also in the same dashboards.
I guess that I could fix that by cloning the Dashboards and setting two different filters to separate the two groups of servers. But I see a new problem. What happens if the client asks for two different data retention policies for this two E-Commerce environments?.

In my VM home environment I set filebeat to create default indices for a couple of servers and a custom index for a third server. I've managed to get the third's server data in custom indices but when I create a clone of a default filebeat dashboard, it keeps pointing the indices that were created for my first two nodes. I tried to export the saved object and to edit it to point to a new Dataview and to import it, but I did not manage to make it work.

I know that I'm making different cuestions that are in the scope of different ELK components, but I want everybody to get the whole picture as much as possible.

What I want to know in this post is: What are your opinions about what should be the best approach?.

Things like:
A) Creating a new dedicated ELK environment and forgetting about sharing the same ELK.
B) Using the same indices, cloning Dashboards and applying filters on them, suggesting to the client to apply the same ILM.
C) Using different indices for the different E-Commerce environments and following a list a steps to get everything working.
D) ... Any other solution I'm not even thinking about. (I'm open to different suggestions).

Thank you very much in advance and best regards.

Carlos T.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.