Elastic Agent - Multiple inputs/output through Fleet

vee · October 18, 2023, 9:50pm

Hello, here's our current setup:

Multiple filebeats on a single VM (hundreds of VMs - Linux & windows based)
Each filebeat scrapes from a unique path, sends to unique output (logstash endpoints)
Metricbeat on each of those VMs

We explored Elastic Agent, but couldn't find a way to replace ALL filebeats on a VM with one single agent when managed through Fleet. It's because each agent can be assigned to one policy, and one policy seems to have only one output as endpoint.

Question 1:

Is it possible to have multiple inputs & multiple outputs through Elastic Agent, managed by Fleet? If so, any pointers will be helpful.

Question 2:

It appears to have elastic agent installed, we MUST have sudo access (root level). Is there a way we can get this done without the sudo access?

We checked with standalone agent, and that appears to be working - but want this to be managed through Fleet instead for centralized management.

Thanks for your time!

leandrojmp · October 18, 2023, 10:33pm

Elastic Agent runs beats processes underneath, so it has the same limitation regarding outputs, it can have only one output.

The inputs is pretty similar, you can have multiple inputs, but only one output.

I don't think so, the Fleet Managed Agents needs to have sudo permissions to update its integration and itself, also depending on the integration some data may be only accessible with superuser permissions.

vee · October 19, 2023, 2:58pm

Thanks @leandrojmp

system · November 16, 2023, 2:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.