Hello everyone,
I previously monitored my Linux servers using Filebeat and Metricbeat agents. The data from each of them went to a dedicated index in Elasticsearch based on the default ECS template.
Now I want to switch to using the Elastic agent version 8.11.3, but I want it to work the same way with Elasticsearch, which isn't possible because it operates on data streams. Is there a way to work without data streams in the old way? (The agent writes to the Logstash server, and it writes to Elasticsearch).
Why do you want this? What is the benefit?
I want to explore this option because that's how my infrastructure is currently set up.
It doesn't necessarily have advantages.
Have you ckecked the documentation around output configuration?
1 Like
Certainly, and I did not find any useful information here for my question.