I walked into an existing ELK stack and am learning as I go.
I have a 7.10.1 ELK Stack with around 5K Agents deployed at 7.10.1 using Fleet.
**Understanding DATA Destination**
Under the Global Fleet Settings it says:
"Global Output: Specify Where to send the Data"
There is a Kibana URL and an Elasticsearch URL.
Which Destination is actually receiving the data?
**Changing DATA Destination**
I have been asked if we can send the agent logs through an intermediate KAFKA syslog layer, then follow our more standard data log ingestion using Topics/Logstash off of those.
Are the logs in syslog format from the agents to the data destination?
Could I add another data destination in Fleet and push that out to the Agents?
Does this approach make sense?
Thanks all for your thoughts/help on this topic.