Cluster with packetbeat

Hello, I'm trying to form a cluster and in this cluster I want to add several nodes and install Packetbeat on each node. But when I do that, the data sent from Packetbeat is shared across the entire cluster. Is there any way to send data to the node where Packetbeat is installed? Or filter the data? And what would be the best structure for this problem?

Welcome to our community! :smiley:

You can tell Packetbeat to only ingest the data it gets to a single node, but if that node is part of the cluster then the indices will be shared across all the nodes. That's what Elasticsearch is designed to do.

It's not clear what the problem you are trying to solve is, sorry :slight_smile:

And if I have 2 clusters and then apply cross-clustering, would I be able to analyze the data without it being replicated?

Cross cluster what - search or replication?

Sorry, yes search or replication

Yes, you should be able to do that without having to replicate that across each cluster, unless you actually use cross cluster replication that is.

Ok so if I have 2 clusters can I do cross search and analyze the data from these 2 clusters without replicating?

Based on what you have told us here, yes that should work.

In this document (Trust management | Elasticsearch Service Documentation | Elastic) it says that the clusters have to trust each other and to do that I have to go to Trusted deployments > Add trusted environment, but I don't have this option in my Kibana. I'm using your 30-day free trial.

You're using our Cloud service?

No, my infrastructure is on-premises

That link is for our Elasticsearch Service then, so it doesn't apply.

Try Cross-cluster replication | Elasticsearch Guide [8.7] | Elastic

This documentation is for cross-cluster replication. I don't want that, I want cross-cluster search. Can you give the documentation for the cross-cluster search please?

Sorry it's kind of hard to follow you, as you were talking about replication, then talking about cloud, now you are on prem and want cross cluster search.

Try Search across clusters | Elasticsearch Guide [8.7] | Elastic.

I tried to do the first step in this documentation (Tutorial: Set up cross-cluster replication | Elasticsearch Guide [8.7] | Elastic) and I couldn't connect one cluster with another. I have port 9300 open on both clusters.

I think it'd be worth creating a new topic for that :slight_smile:
