I'm using the default elastic agents with windows integrations and some linux ones with linux integrations.
Is there a way to send the data from these agents to two locations and two ports? a logstash and elasticsearch server specifically.
If so how would i go about this? i saw it can be done to different Elasticsearch nodes, from fleet, can this be done to a log and elastic server?
No, this is not possible, the Elastic Agent runs beats behind the scenes and the beats only supports one output.
Can you share what you saw and where?
Oh ok, that doenst help my issue, ill have to attempt to send it to elastic and then on the same machine into logstash some how.
so on elasticsearch, fleet> Settings> Outputs, "add output" under type it says Elasticsearch or Logstash. so i assume you could.... I just dont know the configuration for this.
You could send the output of an Elastic Agent to Elasticsearch OR to Logstash, but not both at the same time, only one output is allowed.
What you can do is configure the Elastic Agent to send logs to Logstash and use Logstash to send those logs to other places as it allows you to have more outputs.
There are some configuration changes that you need to do to make the integrations work while sending logs to Logstash, you need to check the documentation.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.