Currently, my system is collecting log data using Filestream (Custom Logs integration). The thousand agents are managed by policies in the Fleet server.
The machines that have the Agents installed usually need to be checked and maintained, and we want to stop collecting data temporarily to investigate.
Is there any option to disable Filebeat on the Agents temporarily, without unenrolling them from Fleet or uninstalling policies (there are many setup steps we do not want to reconfigure)?
I find there is a toggle in the Integration Settings, but I’m not sure if this disables the collection. I tested it, and when I disable the toggle, some data still gets sent to Logstash from the Agents.
Sorry for the late reply. Just to be clear, when I said "data," I actually meant data collected from files by filestream, not Agent data itself like logs or metrics in your picture.
You need to disable the data collection in the integration and wait for the agents to get the last version of the policy from fleet, but this will affect all agents on the policy.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
