Hi
In filebeat configuration, I could use the following config to create a separate index per kubernetes namespace.
output.elasticsearch:
indices:
- index: '%{[kubernetes.namespace]}-%{[agent.version]}-%{+yyyy.MM.dd}'
when:
or:
- equals.kubernetes.namespace: "namespace1"
- equals.kubernetes.namespace: "namespace2"
How do I achieve the same result using ElasticAgent ? I am using version 7.17.5 of Kibana.
Appreciate your help.
Hi @umesh2020
Are you using standalone elastic-agent ? if yes - I think you should be able to define an output - similar as defined here, and then use_output setting
For fleet managed elastic-agent, I think you should be able to define another output with desired configuration and use this output for added integration (under Advanced options)
I am using fleet managed elastic-agent. Can you point me to some relevant links ?
Also, my namespaces are dynamically created, so is there a REST API that I can use to dynamically define these outputs ? In filebeat, I used to update the configuration using helm whenever a new environment is created.
You can check output setting and add desired configuration under Elasticsearch output configuration
I am not sure if in version 7.17 there was an option to create another output - seems it was added in 8.x, so adjusting the default output should be enough.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.